On 27/12/10 20:25, Senthilkumar wrote:
> Hi All,
>
> I am using squid 3.1.8 with icap, ntlm scheme. Everything works fine.
> I have a problem when i connect to a portal which is running on IIS
> server and it has external authentication.(i am not sure about the
> authentication used by the iis server, we hope it is ntlm )
Being IIS it probably is, check the WWW-Auth* header in the replies to
be sure. There may be alternative options you can make the browser use
by stripping the broken one out.
> When i connect to that site it asks for a username and password and it
> continues to ask even after providing username and password, finally the
> following error is displayed page cannot be displayed.
> In access log i can find TCP_DENIED/401.
> I have tried by enabling client_persistent connections on. But no luck.
> How can we make portal to work with squid?
NTLM does not work very well with HTTP to start with and does not work
at all over the Internet without a lot of trouble.
If it is NTLM:
You must enable persistent connections to both servers and clients,
enable authentication pass-thru hacks in Squid. Then cross your fingers
and hope that every other proxy admin does the same. Complain to the
website admin as well.
The other less-likely possibility is that it is Kerberos auth (almost as
bad as NTLM over the 'Net), or some other breakage.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 Beta testers wanted for 3.2.0.4Received on Mon Dec 27 2010 - 21:00:38 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 28 2010 - 12:00:03 MST