[squid-users] AW: NTLM problem with Internet explorer/windows

From: Rietzler, Markus \(RZF, SG 324 / \) <markus.rietzler_at_fv.nrw.de>
Date: Tue, 8 Apr 2014 11:37:00 +0000

What are the problems?

There are two issues:

1) squid doing user auth via ACL
2) squid forwards / passthrough auth to IIS

Are there any squid-parent proxies involved?

Normally

http_port 8080 connection-auth=on

where connection-auth is on per default? That means, that ntlm-auth is passed through squid. Which samba/winbind version are you using. For IE10 and up you have to use "newer" versions (i think > 3.6.x)

markus

-----Urspr�ngliche Nachricht-----
Von: Antero Prazeres [mailto:Antero.Prazeres_at_blackboard.com]
Gesendet: Mittwoch, 2. April 2014 13:21
An: squid-users_at_squid-cache.org
Betreff: [squid-users] NTLM problem with Internet explorer/windows

Hello,
I need some help with this issue as I am out of ideas and I don�t find any similar issues on your lists/emails/faqs.
I am using a server with CentOS6 and Squid 3.1.10 as a proxy. One of my teams needs to access to ISS 7 trough Squid for test and development purposes using only NTLM. Squid server is accessing the AD and credentials are working. All tests performed with Wbinfo are successful. The access to the IIS ntlm site is successful from Firefox and Safari, all returning the message �you are authenticated using NTLM�. I try to perform the same test on several machines with Windows 7 and Internet Explorer, most of them 11, and don�t work. GPO was altered on the windows for NTLM, ISS site is requesting NTLM with extended protection and kernel=mode authentication off.

Somebody as any ideas please??

Thank you

Best regards

Antero Prazeres

This email and any attachments may contain confidential and proprietary information of Blackboard that is for the sole use of the intended recipient. If you are not the intended recipient, disclosure, copying, re-distribution or other use of any of this information is strictly prohibited. Please immediately notify the sender and delete this transmission if you received this email in error.
Received on Tue Apr 08 2014 - 11:37:12 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 08 2014 - 12:00:05 MDT