Re: [squid-users] Problems with Vista and Internet Explorer - NTLM Auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 31 Jul 2008 12:05:05 +1200 (NZST)

> Hello Squid gurus.

Greetings. comments in line below...

>
> Our proxy service was working very good until the last week when we
> received reports about some students couldn’t use the wireless LAN. In
> our network, if you are using wired LAN you can use the proxy without
> password, if you use the wireless, Squid prompts for a user/password
> (NTLM). The problem occurs with Windows Vista and Explorer 7. If you
> tried to surf there is no prompt for user password and you received the
> page error
> "Cache Use Denied", in the access.log shows TCP DENIED, if you try in
> the same computer with Firefox, works without problems.
>
> If you use Firefox with Vista or another operative system, or Explorer
> with XP, 2000, etc, everything is alright. The only problem is the mix,
> Windows Vista with Explorer 7.
>
> We were using Squid 2.6.17-1 with NTLM Auth (winbind, Samba 3.025b-1-14)
> in CentOS 5.2. Now we upgraded to Squid 3.0.7-1 (from Fedora�s src rpm)
> but the problem is the same. Before the problem we didn�t change
> anything. I just erased these lines from my squid.conf after the problem
> but the situation is the same:
>
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic -d=5
> auth_param basic children 30
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
>
>
> Do you have any report about problems with Vista and Explorer (maybe a
> new patch)?

Is this the NTLM helper bundled with Squid? Or the one provided by the
Samba project?
The old Squid one is very old and has limited actual NTLM capability. I
would not be surprised if Vista+IE7 is making use of advanced NTLM it
can't handle. You may have better results with the Samba project helper.

The squid one is proposed for removal due to its problems:
http://www.squid-cache.org/bugs/show_bug.cgi?id=2272

Samba how-to if you need it:
http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM

If this is the Samba helper they may have more details on the issue.

Amos
Received on Thu Jul 31 2008 - 00:35:02 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 31 2008 - 12:00:05 MDT