锟斤拷: [squid-users] Can't access IIS website with Integrated Windows Authentication, why? from Jiang Wen Dong on 2012-02-22 (squid-users)

From: Jiang Wen Dong <wendong.jiang_at_td-tech.com>
Date: Thu, 23 Feb 2012 14:00:16 +0800

Website in local LAN.

Forward mode, not reverse mode.

auth_param ntlm keep_alive on
NTLM doesn锟斤拷t work, neither Kerberos.

------------------------------------------------
Jiang Wendong (锟斤拷锟侥讹拷)
IT Dept.
Tel: 010-5822-3486/3481
Mobile: 13811249966
E-Mail: wendong.jiang_at_td-tech.com / jiangwendong_at_huawei.com

-----锟绞硷拷原锟斤拷-----
锟斤拷锟斤拷锟斤拷: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
锟斤拷锟斤拷时锟斤拷: 2012锟斤拷2锟斤拷23锟斤拷 12:34
锟秸硷拷锟斤拷: squid-users_at_squid-cache.org
锟斤拷锟斤拷: Re: [squid-users] Can't access IIS website with Integrated Windows Authentication, why?

On 22/02/2012 5:30 p.m., Jiang Wen Dong wrote:
> I have 2 IIS website with Integrated Windows Authentication.
>
> Users access internet and these 2 websites by squid.
> Access internet is ok, but can锟斤拷t access these 2 websites.
>
> I have tied v3.1 and v3.2 with default config, but the problem still there.
>
> It seems squid cut off www-auth information.
>
> Anybody can help me with this?

Is squid operating in forward or reverse proxy mode?
* forward proxy never touch www-auth headers
* reverse proxy are where the auth is destined to be tested. Squid will attempt to validate them using your configured auth_param.
NP: login using NTLM credentials to a backend is not supported. (what often appears to be a "relay" is actually Squid logging into the backend itself).

Is the website on the local LAN or out on the Internet?
* NTLM requires end-to-end connectivity. Many Internet links do not provide those guarantees since proxy gateways and NAT were invented.

Do you have persistent connections enabled or disabled?
* NTLM requires them.

Amos

CAUTION: This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender of this message immediately. ( (c)TD Tech Co.,Ltd)
锟斤拷要锟斤拷示锟斤拷锟斤拷锟绞硷拷锟斤拷锟斤拷锟斤拷锟竭憋拷锟斤拷锟斤拷锟绞ｏ拷锟斤拷锟斤拷锟斤拷业锟斤拷锟杰★拷锟杰凤拷锟缴憋拷锟斤拷锟斤拷锟斤拷泄露锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷盏锟斤拷锟斤拷始锟斤拷锟斤拷卮锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷始锟斤拷幕锟斤拷锟斤拷裕锟斤拷锟斤拷锟斤拷锟酵ㄖ拷锟斤拷遣锟斤拷锟斤拷锟斤拷锟较低筹拷锟缴撅拷锟斤拷锟斤拷始锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟角达拷锟绞硷拷应锟斤拷锟斤拷锟秸硷拷锟剿ｏ拷锟斤拷注锟解不锟缴对达拷锟绞硷拷锟斤拷锟戒附锟斤拷锟斤拷锟斤拷锟斤拷锟矫★拷锟斤拷锟狡伙拷锟斤拷锟斤拷锟斤拷透露锟斤拷锟斤拷锟捷★拷 ( (c)TD Tech Co.,Ltd)
Received on Thu Feb 23 2012 - 06:00:29 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 26 2012 - 12:00:05 MST