Re: [squid-users] NTLM auth to remote server fails through squid

From: Peter Olsson <>
Date: Mon, 16 Jul 2012 21:35:55 +0200


On Mon, Jul 16, 2012 at 09:03:00PM +0300, Eliezer Croitoru wrote:
> On 7/16/2012 7:05 PM, Peter Olsson wrote:
> > We're trying to connect to a remote server that
> > requires authentication. This works fine when
> > we place the browser client on the Internet, but
> > when we place the browser client behind squid the
> > authentication popup just returns without accepting
> > the login.
> can you please be more specific about the topology?

My test setup is very easy. Just a single squid server
in plain proxy mode, using two network interfaces.
One interface towards Internet, the other running a
private network.

I have a single PC client connected to the private interface
in the squid server. There is no connection from the private
network to the Internet without passing through the squid proxy.

The squid server is running, with the default
squid.conf installed by the tarball. Only differences
from default squid.conf are my added visible_hostname and
changed http_port from 3128 to 80. There is no transparency or
routing between interfaces configured in the squid server,
just plain proxy from inside to outside.

The external server I'm trying to reach is on the Internet.
If I try to connect to this server through squid, I don't
get authenticated. If I however move the PC client to the
Internet, so it doesn't pass through squid, the authentication
to the external server works fine.


Peter Olsson

> it's kind of fog to me.
> if you can out up some IP's for the devices and network relationship
> will be very helpful.
> if you can attach squid.conf it will be more efficient.
> <SNIP>
> > What could be the reason for this auth failure?
> > What debug values should I use?
> >
> > NB: This is not about authenticating to the proxy server,
> > we allow proxy connections from inside without authentication.
> > The question is about authenticating to an external server
> > that is out of our control.
> please describe more the position of the client and server,
> proxy and server.
> Eliezer
> >
> > Thanks!
> >
> --
> Eliezer Croitoru
> IT consulting for Nonprofit organizations
> eliezer <at>

Peter Olsson          
Received on Mon Jul 16 2012 - 19:36:18 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 17 2012 - 12:00:02 MDT