On 23/02/2012 7:00 p.m., Jiang Wen Dong wrote:
> Website in local LAN.
>
> Forward mode, not reverse mode.
>
> auth_param ntlm keep_alive on
auth_param is proxy-auth headers in forward-proxy mode.
You need client_persistent_connections and server_persistent_connections
ON. For keep-alive. These should be on by default in 3.1+, so the thing
to check is whether you disabled those.
> NTLM doesn��t work, neither Kerberos.
Very strange. As I said www-auth headers just get passed straight
through the proxy to the www server.
Amos
>
> ------------------------------------------------
> Jiang Wendong (���Ķ�)
> IT Dept.
> Tel: 010-5822-3486/3481
> Mobile: 13811249966
> E-Mail: wendong.jiang_at_td-tech.com / jiangwendong_at_huawei.com
>
>
>
> -----�ʼ�Ô��-----
> ������: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> ����ʱ��: 2012��2��23�� 12:34
> �ռ���: squid-users_at_squid-cache.org
> ����: Re: [squid-users] Can't access IIS website with Integrated Windows Authentication, why?
>
> On 22/02/2012 5:30 p.m., Jiang Wen Dong wrote:
>> I have 2 IIS website with Integrated Windows Authentication.
>>
>> Users access internet and these 2 websites by squid.
>> Access internet is ok, but can��t access these 2 websites.
>>
>> I have tied v3.1 and v3.2 with default config, but the problem still there.
>>
>> It seems squid cut off www-auth information.
>>
>> Anybody can help me with this?
> Is squid operating in forward or reverse proxy mode?
> * forward proxy never touch www-auth headers
> * reverse proxy are where the auth is destined to be tested. Squid will attempt to validate them using your configured auth_param.
> NP: login using NTLM credentials to a backend is not supported. (what often appears to be a "relay" is actually Squid logging into the backend itself).
>
> Is the website on the local LAN or out on the Internet?
> * NTLM requires end-to-end connectivity. Many Internet links do not provide those guarantees since proxy gateways and NAT were invented.
>
> Do you have persistent connections enabled or disabled?
> * NTLM requires them.
>
>
> Amos
>
> CAUTION: This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender of this message immediately. ( (c)TD Tech Co.,Ltd)
> ��Ҫ��ʾ�����ʼ��������߱������ʣ�������ҵ���ܡ��ܷ��ɱ�������й¶������������յ����ʼ����ش����������ʼ��Ļ����ԣ�������֪ͨ���Dz�������ϵͳ��ɾ�����ʼ�����������������Ǵ��ʼ�Ӧ�����ռ��ˣ���ע�ⲻ�ɶԴ��ʼ����丽���������á����ƻ�������͸¶�����ݡ� ( (c)TD Tech Co.,Ltd)
Received on Sat Feb 25 2012 - 23:26:01 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 26 2012 - 12:00:05 MST