[squid-users] Connection pinning (NTLM pass through)

From: Petter Abrahamsson <petter_at_jebus.nu>
Date: Fri, 25 May 2012 16:31:27 -0400

Hi,

I'm trying to get NTLM pass through to work with squid 3.1.19. I have
followed the instructions found on the wiki[1] on connection pinning
but I just keep receiving 401 status messages.
Below is the very simple squid.conf that I'm using for this test.

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080 connection-auth=on
hierarchy_stoplist cgi-bin ?
coredump_dir /var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

And below is the corresponding access.log entries with obfuscated ip
addresses and host names.

1337976537.852 63 192.168.12.214 TCP_MISS/401 466 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
1337976550.714 29 192.168.12.214 TCP_MISS/401 1074 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
1337976551.025 57 192.168.12.214 TCP_MISS/401 466 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
1337976554.627 57 192.168.12.214 TCP_MISS/401 1074 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
1337976558.006 3128 192.168.12.214 TCP_MISS/401 466 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
1337976559.462 59 192.168.12.214 TCP_MISS/401 1074 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
1337976559.760 56 192.168.12.214 TCP_MISS/401 466 GET
http://www.example.net/directory/ - DIRECT/x.x.x.x text/html

I feel like I'm missing something obvious since the instructions on
the wiki are quite simple.
When I try the same website through a v2.7 squid it lets me login.
Let me know if any other information is needed.
Any help would be very much appreciated.

Regards,
/petter

[1] http://wiki.squid-cache.org/Features/ConnPin
Received on Fri May 25 2012 - 20:31:38 MDT

This archive was generated by hypermail 2.2.0 : Sun May 27 2012 - 12:00:04 MDT