[squid-users] Squid 3.1 NTLM Passthrough (SSO) to IIS with Firefox

From: Bartschies, Thomas <Thomas.Bartschies_at_cvk.de>
Date: Tue, 8 Nov 2011 13:11:04 +0100

Hi,

our setup is:
Firefox 7.0.1, Squid 3.1.16 and Sharepoint Server on IIS.
In Firefox we've set already:
network.automatic-ntlm-auth.trusted-uris to the server address
network.automatic-ntlm-auth.allow-proxies = true (default)

in squid.conf, we've tried some combinations of the following settings,
having the current settings this way:
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch off

Every time we try to connect to the sharepoint site, the browser
authentication box pops up. Even when we supply
correct credentials, the request for them pops up again. Making it
impossible to logon to the site.

Internet Explorer 8/9 works fine. Google Chrome 15 also requests
credentials once and then logon works.

First question is: Should this even work with Firefox, or is it known
not to?

If it should work, what other settings we've possibly missed?

Connection pinning seems to be working, if I'm reading the traces
correctly. Sharepoint answers with HTTP Code 401.

Our Proxy Setup is open. There are absolutely no client address
restrictions and we're also not using proxy authentication.
So there's not ntlm_auth helper in use.

Kind regards,
Thomas
Received on Tue Nov 08 2011 - 12:11:05 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 08 2011 - 12:00:03 MST