Hi,
I'm in the folloqing setup with Squid 2.7STABLE3 :
Client ---> Squid ---> NTLM enabled proxy with transparent auth ---> Internet
I use the following configuration directives to achieve this:
cache_peer 172.17.86.27 parent 8080 0 proxy-only no-query default
no-digest login=PASS
persistent_connection_after_error on
never_direct allow all
My clients are member of an active directory domain, and get
authenticated transparently (no auth pop-up) through my squid server .
It works correctly with windows XP/2000/2003 clients, but i'm facing a
problem that occurs only on 2008/ SEVEN clients:
I get intempestive login pop-ups with these clients on some websites,
especially when browsing the following page :
https://www-304.ibm.com/support/docview.wss?uid=swg27017522
If I look at my NTLM enabled proxy logs, i can see for each error the
following entries :
httpproxy[15164]: [0xb1366f38] auth_adir_auth_crap_callback
(auth_adir.c:883) Authorization denied (NT_STATUS_WRONG_PASSWORD)
After that, and because our password policy locks accounts after 3
auth failures, the user is locked out.
I already tried to force on client side " Send only NTLMv2 responses "
and disable 128Bit encryption enforcement, but no luck.
if anybody has a clue...
Thank you.
Received on Mon Mar 26 2012 - 14:42:32 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 27 2012 - 12:00:03 MDT