RE: [squid-users] Connection pinning (NTLM pass through)

From: Jasper Van Der Westhuizen <javanderwesthuizen_at_shoprite.co.za>
Date: Fri, 27 Jul 2012 07:54:25 +0200

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Sunday, May 27, 2012 1:22 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Connection pinning (NTLM pass through)
>
> On 26/05/2012 8:31 a.m., Petter Abrahamsson wrote:
> > Hi,
> >
> > I'm trying to get NTLM pass through to work with squid 3.1.19. I have
> > followed the instructions found on the wiki[1] on connection pinning
> > but I just keep receiving 401 status messages.
> > Below is the very simple squid.conf that I'm using for this test.
> >
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/32 ::1
> > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
> > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> > acl SSL_ports port 443
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 443 # https
> > acl Safe_ports port 70 # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535 # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl CONNECT method CONNECT
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localnet
> > http_access allow localhost
> > http_access deny all
> > http_port 8080 connection-auth=on
> > hierarchy_stoplist cgi-bin ?
> > coredump_dir /var/cache/squid
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> > refresh_pattern . 0 20% 4320
> >
> > And below is the corresponding access.log entries with obfuscated ip
> > addresses and host names.
> >
> > 1337976537.852 63 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976550.714 29 192.168.12.214 TCP_MISS/401 1074 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976551.025 57 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976554.627 57 192.168.12.214 TCP_MISS/401 1074 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976558.006 3128 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976559.462 59 192.168.12.214 TCP_MISS/401 1074 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976559.760 56 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> >
> > I feel like I'm missing something obvious since the instructions on
> > the wiki are quite simple.
> > When I try the same website through a v2.7 squid it lets me login.
> > Let me know if any other information is needed.
> > Any help would be very much appreciated.
>
> Check the HTTP headers at each point before/after Squid for keep-alive.
> There is something a little strange going on with HTTP/1.1 connections to
> servers and NTLM keep-alive in 3.1.19. If you are able to do some code
> digging that would help as well.
>
> Amos

Hi Peter.

I'm having the same issues with an IIS portal site. In 3.1 it doesn't work but with 2.7 it does. Have you managed to fix this problem by any chance?

Kind Regards
Jasper
Received on Fri Jul 27 2012 - 05:54:33 MDT
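
The check suggested in the quoted reply, comparing the response headers on each side of Squid for keep-alive, can be scripted. The following is an added example, not code from this thread or from the Squid project; the captured headers, hop labels and function names are constructed for illustration, and it assumes that NTLM authenticates the connection, so every 401 of the handshake must arrive on a connection that stays open.

```python
# Added example; the captures below are constructed, not taken from the thread.
SERVER_SIDE = ("HTTP/1.1 401 Unauthorized\r\n"
               "WWW-Authenticate: NTLM PLACEHOLDER_TYPE2_TOKEN\r\n"
               "Content-Length: 0\r\n")
CLIENT_SIDE = ("HTTP/1.0 401 Unauthorized\r\n"
               "WWW-Authenticate: NTLM PLACEHOLDER_TYPE2_TOKEN\r\n"
               "Connection: close\r\n")

def parse_response(raw):
    """Split a raw response head into (version, status, {header: [values]})."""
    lines = raw.strip().splitlines()
    version, status = lines[0].split()[:2]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, int(status), headers

def is_persistent(version, headers):
    """HTTP/1.1 stays open unless 'close'; HTTP/1.0 only with 'keep-alive'."""
    tokens = {t.strip().lower()
              for name in ("connection", "proxy-connection")
              for value in headers.get(name, [])
              for t in value.split(",")}
    if "close" in tokens:
        return False
    return version == "HTTP/1.1" or "keep-alive" in tokens

def ntlm_step(status, headers):
    """Return 'offer' (bare NTLM), 'challenge' (NTLM plus token) or None."""
    if status != 401:
        return None
    for value in headers.get("www-authenticate", []):
        scheme, _, token = value.partition(" ")
        if scheme.upper() == "NTLM":
            return "challenge" if token.strip() else "offer"
    return None

def diagnose(hops):
    """Labels of hops where an NTLM 401 arrives on a connection about to close."""
    broken = []
    for label, raw in hops:
        version, status, headers = parse_response(raw)
        if ntlm_step(status, headers) and not is_persistent(version, headers):
            broken.append(label)
    return broken

if __name__ == "__main__":
    print(diagnose([("server->Squid", SERVER_SIDE), ("Squid->client", CLIENT_SIDE)]))
```

A hop reported by `diagnose` is one where the handshake cannot complete, because the client has to start again on a new connection.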
