Re: [squid-users] Squid 3 with AD Integration has Sharepoint Access problem!!

From: Go Wow <gowows_at_gmail.com>
Date: Tue, 22 Mar 2011 10:34:21 +0400

Below is the complete log. This is for one request to the sharepoint
from squid, at the end it pops for username/pass

1300775478.267 1 192.168.50.123 TCP_DENIED/407 4268 GET
http://sharepoint/ - NONE/- text/html
1300775478.277 2 192.168.50.123 TCP_DENIED/407 4598 GET
http://sharepoint/ - NONE/- text/html
1300775478.289 8 192.168.50.123 TCP_MISS/401 1729 GET
http://sharepoint/ DOMAIN\james.watson DIRECT/192.168.100.64 text/html
1300775478.311 1 192.168.50.123 TCP_DENIED/407 4360 GET
http://sharepoint/ - NONE/- text/html
1300775478.318 2 192.168.50.123 TCP_DENIED/407 4690 GET
http://sharepoint/ - NONE/- text/html
1300775478.329 7 192.168.50.123 TCP_MISS/401 1050 GET
http://sharepoint/ DOMAIN\james.watson DIRECT/192.168.100.64 text/html
1300775478.344 1 192.168.50.123 TCP_DENIED/407 5014 GET
http://sharepoint/ - NONE/- text/html
1300775478.351 2 192.168.50.123 TCP_DENIED/407 5344 GET
http://sharepoint/ - NONE/- text/html
1300775478.362 7 192.168.50.123 TCP_MISS/401 1729 GET
http://sharepoint/ DOMAIN\james.watson DIRECT/192.168.100.64 text/html

On 21 March 2011 09:59, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 21/03/11 18:16, Go Wow wrote:
>>
>> Sharepoint is integrated with NTLM, normally it doesn't ask for
>> username and password. Also if we enter username and password when the
>> pop up comes then its not accepting. Why does it allow some users and
>> block others? Just to mention I changed my squid3 config to add NTLM
>> support with 2 auth_param basic and NTLM. Is this the cause of
>> problem??
>
> That change might make a browser bug visible. I have not seen any other
> cases of it though.
>  The proxy login and the server login are completely separate in HTTP and
> Squid. The browser *should* be considering each to be separate and sending
> the right ones.
>
>
> Browser only sends credentials when they have to. First nothing, which squid
> 407 challenges. Then just the proxy ones which the server 401 challenges.
> Then both, which works.
>
> So what you see in the logs would be:
>   TCP_MISS/407 1729 GET http://spserver/ - NONE/-
>   TCP_MISS/401 1729 GET http://spserver/ DOMAIN-NAME\User.Name
> DIRECT/192.168.50.124 text/html
>   TCP_MISS/200 4567 GET http://spserver/ DOMAIN-NAME\User.Name
> DIRECT/192.168.50.124 text/html
>  ...
>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.11
>  Beta testers wanted for 3.2.0.5
>
Received on Tue Mar 22 2011 - 06:34:29 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 24 2011 - 12:00:04 MDT