Re: [squid-users] NTLM Authentication using the SMB helper - need help with access log problems

From: Henrik Nordstrom <[email protected]>
Date: Tue, 25 Mar 2003 08:58:44 +0100

Ken Thomson wrote:

> The server operates fine, and the authentication works as
> expected. My problem lies with the access.log file.
> Every request from a client is first denied and then
> accepted after being authenticated. This happens to
> *EVERY* request.

Yes, this is because of how NTLM authentication works.

On each new TCP connection from the browser the following happens:

1a. Browser sends request without authentication
1b. Rejected by Squid as there is no authentication, Squid proposing to
use NTLM
2a. Browser sends request with an NTLM NEGOTIATE packet embedded in the
headers
2b. Rejected by Squid with an NTLM CHALLENGE packet embedded in the
headers
3a. Browser sends request with an NTLM AUTHENTICATE packet embedded in
the headers
3b. Connection accepted by Squid if the authentication is successful.
This request and any future requests on the same TCP connection are
forwarded.

All responses by Squid are logged.

If this disturbs your log statistics then filter out TCP_DENIED/407
lines with no username before processing the logs.

Regards
Henrik
Received on Tue Mar 25 2003 - 01:00:20 MST
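
The log filtering suggested in the message above, as an added example that is not part of the original post or of Squid itself. It assumes Squid's native access.log format, with the username in the eighth whitespace-separated field and "-" when there is none; the function names and the sample lines are constructed for illustration.

```python
import sys

# Squid native access.log fields after split():
# 0 time, 1 elapsed, 2 client, 3 action/code, 4 bytes,
# 5 method, 6 URL, 7 user, 8 hierarchy/peer, 9 content type
ACTION_FIELD = 3
USER_FIELD = 7

# Constructed sample: one NTLM handshake (two anonymous 407s, then the
# authenticated request), an ACL denial, and a 407 that carries a username.
SAMPLE_LOG = r"""
1048579124.101      3 192.168.1.20 TCP_DENIED/407 1691 GET http://www.example.com/ - NONE/- text/html
1048579124.140      2 192.168.1.20 TCP_DENIED/407 1852 GET http://www.example.com/ - NONE/- text/html
1048579124.512    371 192.168.1.20 TCP_MISS/200 4312 GET http://www.example.com/ kthomson DIRECT/192.0.2.10 text/html
1048579130.007      1 192.168.1.21 TCP_DENIED/403 1402 GET http://blocked.example.net/ jdoe NONE/- text/html
1048579131.220      2 192.168.1.22 TCP_DENIED/407 1691 GET http://www.example.org/ asmith NONE/- text/html
""".strip().splitlines()


def is_handshake_denial(line):
    """True for a TCP_DENIED/407 entry whose user field is empty ("-")."""
    fields = line.split()
    if len(fields) <= USER_FIELD:
        return False  # short or malformed line: keep it for review
    return fields[ACTION_FIELD] == "TCP_DENIED/407" and fields[USER_FIELD] == "-"


def filter_log(lines):
    """Return (kept_lines, dropped_count) for an iterable of log lines."""
    kept, dropped = [], 0
    for line in lines:
        if is_handshake_denial(line):
            dropped += 1
        else:
            kept.append(line)
    return kept, dropped


if __name__ == "__main__":
    # With a path argument, filter that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    kept, dropped = filter_log(lines)
    print("\n".join(kept))
    print(f"dropped {dropped} unauthenticated 407 line(s)", file=sys.stderr)
```

Denials that carry a username and non-407 denials pass through unchanged, so only the anonymous handshake rounds are removed from the statistics.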
