Re: [squid-users] Kerberos TCP/DENIED 407

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 09 Mar 2012 00:55:00 +1300

On 8/03/2012 9:17 p.m., JC Putter wrote:
> Hi
>
> I followed http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>
> I can see the cache.log the the client is authenticating with a Kerberos ticket however for every connection get a TCP/DENIED 407 and then the connection is made. Is this not what NTLM does? I thought that with Kerberos this does not happen?

One 407 is normal for all HTTP authentications. NTLM requires two.

> I have a very strange issue we are using Zimbra Desktop client and with the proxy settings the Zimbra Desktop client fails to connect..
>
> TCP_DENIED/407 2173 CONNECT cluster01.zimbra.com:443 - NONE/- text/html
>
> but all the other browsers (IE,FF,Chrome) everything works but the log is full of TCP/DENIED 407.
>
> Any help should be appreciated
>
> SQUID3 Stable19
>

I assume you mean 3.1.19 and not 3.0.STABLE19 ?

CONNECT + auth should not have been a problem since 3.1.15. Is that
desktop client app sending the credentials ticket?

Amos
Received on Thu Mar 08 2012 - 11:55:40 MST

This archive was generated by hypermail 2.2.0 : Thu Mar 08 2012 - 12:00:02 MST