RES: [squid-users] ntlm locking user accounts in 2003 AD

From: Stacker Hush <stackerhush_at_gmail.com>
Date: Fri, 16 Jul 2010 18:23:16 -0300

Thanks for the answer.

To enable HTTP/1.1 is in my case the right way is changing the lines below:

http_port 127.0.0.1:3128 transparent http11
http_port 8080 http11
cache_peer 127.0.0.1 parent 8081 0 no-query login=*:nopassword http11

including the http11 parameter?

Thanks,

Stacker

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: 2010/7/13
Subject: Re: [squid-users] ntlm locking user accounts in 2003 AD
To: Stacker Hush <stackerhush_at_gmail.com>
Cc: squid-users_at_squid-cache.org

mån 2010-07-12 klockan 12:03 -0300 skrev Stacker Hush:

> The problem is when some user request webpages i have alot with of 680
EVENT
> (logon) in Windows events/security, with seconds of interval
This is normal and by design of Microsoft NTLM authentication. Every new
TCP connection by the client to the proxy requires an new NTLM logon
handshake.

The rate of this is reduced a fair bit if you enable HTTP/1.1 support to
clients (2.7 required). But be warned that the HTTP/1.1 client support
in 2.7 is quite experimental.

> and sometimes
> the user account are locked.
That's not normal.

Regards
Henrik
Received on Fri Jul 16 2010 - 21:23:27 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 17 2010 - 12:00:03 MDT