Re: [squid-users] Log entries

From: Kinkie <[email protected]>
Date: Tue, 04 Jan 2005 22:59:59 +0100

On Tue, 2005-01-04 at 08:56, Paulo Andre wrote:
> I run squid 2.5Stable6 and samba 3.0.9, using ntlm auth.
>
> My squid logs will show the following:
> 1104824883.157 8 192.168.x.x TCP_DENIED/407 1334 GET
> http://www.squid-cache.org/Doc/FAQ/FAQ-25.html - NONE/- text/html
> 1104824883.161 0 192.168.x.x TCP_DENIED/407 1338 GET
> http://www.squid-cache.org/Doc/FAQ/FAQ-25.html - NONE/- text/html
> 1104824884.406 1245 192.168.x.x TCP_MISS/200 2795 GET
> http://www.squid-cache.org/Doc/FAQ/FAQ-25.html PANDRE DIRECT/206.168.0.9
> text/html
>
> Can someone tell me why the logs contain th following? Looks like the
> auth only goes through on the 3 try, can this be fixed?

It is not an error, just the way the braindead NTLM protocol has been
layered on top of HTTP.
For each TCP connection, the client will attempt to get the object
without any credentials, get denied along with the offer to support
NTLM. The client will then try again offering a NEGOTIATE packet, which
will be denied again with the offer of a CHALLENGE packet, to which the
client will reply finally giving the correct credentials which will be
'tied' to the TCP session until it gets closed by either end.

If you think (as I do) that this is downright stupid, please complain to
your elected Microsoft official.

        Kinkie
Received on Tue Jan 04 2005 - 15:00:02 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST