RE: [squid-users] Squid with webwasher using NTLM authentication

From: NGUYEN DANG LUAN, Eric <eric.nguyen-dang-luan_at_sogeti.com>
Date: Mon, 6 Oct 2008 10:59:55 +0200

I've tried almost all options for cache_peer but it doesn't seem to work. Is it a squid's bug?

Eric NGUYEN DANG LUAN

-----Message d'origine-----
De : NGUYEN DANG LUAN, Eric [mailto:eric.nguyen-dang-luan_at_sogeti.com]
Envoyé : lundi 6 octobre 2008 09:29
À : Henrik Nordstrom
Cc : squid-users_at_squid-cache.org
Objet : RE: [squid-users] Squid with webwasher using NTLM authentication

>> When a user is connect directly on webwasher it works. He is authenticated worretly (I can see that thanks to logs).
>> But once I implement a Squid cache server, it doesn't work. My user can't be authenticated.

>Have you told Squid to trust the webwasher proxy with proxy login credentials? See cache_peer directive.

I'm currently using this line:
cache_peer comp parent 3128 3130 no-query default
For the moment there is no login credentials. I'm gonna check this.

Regards,
NGUYEN DANG LUAN Eric

-----Message d'origine-----
De : Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
Envoyé : samedi 4 octobre 2008 16:14
À : NGUYEN DANG LUAN, Eric
Cc : squid-users_at_squid-cache.org
Objet : Re: [squid-users] Squid with webwasher using NTLM authentication

On fre, 2008-10-03 at 10:17 +0200, NGUYEN DANG LUAN, Eric wrote:

> I'm using squid as a cache server working with webwasher (proxy + authentication + webpage filter). Here's the context :
>
> User's computer<---->Squid <----> Webwasher<--->Internet
> |
> | Authentication
> |(Using NTLM)
> |
> NTLM
> Agent
>
> When a user is connect directly on webwasher it works. He is authenticated worretly (I can see that thanks to logs).
> But once I implement a Squid cache server, it doesn't work. My user can't be authenticated.

Have you told Squid to trust the webwasher proxy with proxy login credentials? See cache_peer directive.

> Does anyone has an idea? I'm using squid 2.6 running on a RedHat linux server 5.

Maybe you need to upgrade to 2.7. But it depends on which exact 2.6 release you are using.. see below.

> Right now i'm trying squid 3 but it dosen't seem to work too.

squid-3.0 does not support forwarding of NTLM authentication as it does not yet implement the required workarounds to Microsoft HTTP protocol violations needed to support NTLM forwarding.

Regards
Henrik
Received on Mon Oct 06 2008 - 09:00:35 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 06 2008 - 12:00:02 MDT