答复: [squid-users] Can't access IIS website with Integrated Windows Authentication, why? from Jiang Wen Dong on 2012-02-22 (squid-users)

From: Jiang Wen Dong <wendong.jiang_at_td-tech.com>
Date: Thu, 23 Feb 2012 14:00:16 +0800

Website in local LAN.

Forward mode, not reverse mode.

auth_param ntlm keep_alive on
NTLM doesn’t work, neither Kerberos.

------------------------------------------------
Jiang Wendong (姜文栋)
IT Dept.
Tel: 010-5822-3486/3481
Mobile: 13811249966
E-Mail: wendong.jiang_at_td-tech.com / jiangwendong_at_huawei.com

-----邮件原件-----
发件人: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
发送时间: 2012年2月23日 12:34
收件人: squid-users_at_squid-cache.org
主题: Re: [squid-users] Can't access IIS website with Integrated Windows Authentication, why?

On 22/02/2012 5:30 p.m., Jiang Wen Dong wrote:
> I have 2 IIS website with Integrated Windows Authentication.
>
> Users access internet and these 2 websites by squid.
> Access internet is ok, but can’t access these 2 websites.
>
> I have tied v3.1 and v3.2 with default config, but the problem still there.
>
> It seems squid cut off www-auth information.
>
> Anybody can help me with this?

Is squid operating in forward or reverse proxy mode?
* forward proxy never touch www-auth headers
* reverse proxy are where the auth is destined to be tested. Squid will attempt to validate them using your configured auth_param.
NP: login using NTLM credentials to a backend is not supported. (what often appears to be a "relay" is actually Squid logging into the backend itself).

Is the website on the local LAN or out on the Internet?
* NTLM requires end-to-end connectivity. Many Internet links do not provide those guarantees since proxy gateways and NAT were invented.

Do you have persistent connections enabled or disabled?
* NTLM requires them.

Amos

CAUTION: This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender of this message immediately. ( (c)TD Tech Co.,Ltd)
重要提示：此邮件及附件具保密性质，包含商业秘密、受法律保护不得泄露。如果您意外收到此邮件，特此提醒您此邮件的机密性，请立即通知我们并从您的系统中删除此邮件及附件。如果您不是此邮件应当的收件人，请注意不可对此邮件及其附件进行利用、复制或向他人透露其内容。 ( (c)TD Tech Co.,Ltd)
Received on Thu Feb 23 2012 - 06:00:29 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 26 2012 - 12:00:05 MST