[squid-users] Dreaded NTLM problems !!!

From: Neil A. Hillard <[email protected]>
Date: Wed, 20 Jul 2005 11:08:07 +0100

Hi,

        some of my users are having a problem accessing a site that uses NTLM
authentication, through our forward proxy (non intercepting).

I am fully aware of the problems with NTLM on web servers and have
pointed this out to webmaster of that site and although they have a plan
to change to Basic auth and SSL they haven't given any timescales.
Meanwhile our user needs to access the site. Our policy says that all
access should be via the proxy so we can't let them out directly through
the firewall.

What is strange is that squid (2.5-stable10) appears to be dropping the
'WWW-Authenticate' header.

This is the response returned by the web server:

> HTTP/1.1 401 Unauthorized
> Content-Length: 1656
> Content-Type: text/html
> Server: Microsoft-IIS/6.0
> WWW-Authenticate: NTLM
> MicrosoftSharePointTeamServices: 6.0.2.5530
> X-Powered-By: ASP.NET
> Date: Wed, 20 Jul 2005 09:26:14 GMT
> Connection: close

But by the time it reaches the clients it's:

> HTTP/1.0 401 Unauthorized
> Content-Length: 1656
> Content-Type: text/html
> Server: Microsoft-IIS/6.0
> MicrosoftSharePointTeamServices: 6.0.2.5530
> X-Powered-By: ASP.NET
> Date: Wed, 20 Jul 2005 09:26:14 GMT
> X-Cache: MISS from cache.example.com
> Proxy-Connection: keep-alive

I've had a search through the squid source and can't find anything
obvious that would be dropping it and I have no 'header_access' lines in
squid.conf.

I normally use Privoxy as a parent and to ensure it wasn't that causing
the problems I removed it.

I've observed this behaviour from cache.log after performing 'squid -k
debug' and a packet capture off the network.

Any advice would be gratefully appreciated.

TIA,

                                Neil.

-- 
Neil Hillard                    hillardn@whl.co.uk
Westland Helicopters Ltd.       http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
             views of Westland Helicopters Ltd.
Received on Wed Jul 20 2005 - 04:08:13 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT