RE: [squid-users] NTLM Foreign Server Authentication

From: Scott Wrosch <swrosch@dont-contact.us>
Date: Thu, 8 May 2003 07:29:06 -0400

Hi Vladimir,

That's because NTLM (as a rule of thumb) isn't proxyable. I've been
dealing with this issue for quite some time. My solution is a little
bit more simple because they're local servers. But, unless the remote
server has basic authentication set up, it won't work.

See this Microsoft KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q253667&sd=tech

There is a proxy out there that is able to proxy NTLM. I believe it was
Henrik who passed it along. You should be able to find it if you search
the archives. This was probably back in February when he gave me the
link.

Just in case you're interested as well, the machines we were having
issues with were on our DMZ. So I set up a proxy auto configuration
script to bypass the proxy when it goes to any of the sites in question
(which is just one domain really), and for everything else use the
proxy. Works like a charm.

Hope that helps, at least a little bit at any rate!

Regards,
Scott

-----Original Message-----
From: Vladimir Martinov [mailto:vladimir.martinov@lemeridien.com]
Sent: Thursday, May 08, 2003 5:40 AM
To: squid-users@squid-cache.org
Subject: [squid-users] NTLM Foreign Server Authentication

Hi! SQUID2.5S2 Linux2.4.18

I am having a problem with a remote NTLM authentication. When an user
tries to connect to a remote site via the proxy we get back the
follwing:

#HTTP Error 401
#401.2 Unauthorized: Logon Failed due to server configuration
#
#This error indicates that the credentials passed to the server do not
match the credentials #required to log on to the server. This is usually
caused by not sending the proper WWW-#Authenticate header field.
#
#Please contact the Web server's administrator to verify that you have
permission to access to #requested resource.

I am using all default settings of squid.conf and none of the ACLs are
dealing with headers. I have tried loggin onto some other sites with
remote authentication and it seems to be well working...

Any ideas???

Vladimir Martinov
Revenue Manager
Le Meridien Muenchen
Tel. +49 (0) 89 2422 2020
Fax. +49 (0) 89 2422 2025
www.lemeridien-muenchen.com
www.lemeridien.com
In partnership with Nikko Hotels
Received on Thu May 08 2003 - 05:31:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:23 MST