Gavin ,
Try putting this acl
acl Java browser Java/1.4 Java/1.5 Java/1.6
http_access allow Java
This worked for me when using NTLauth.
Regards
Tej
On Tue, Sep 1, 2009 at 2:45 PM, Truth Seeker<truth_seeker_3535_at_yahoo.com> wrote:
>
> Really thanks for your effort... i was not able to get back to you, just bcoz there were so many unexpected issues on the proxy...
>
> Now your resolution didnt worked for me...
>
> I didnt even got the http://balancer.netdania.com/StreamingServer/StreamingServer? in my access.log
>
> rather i could see always DENIED for balancer like the following
>
> TCP_DENIED/407 2912 CONNECT balancer.netdania.com:443 - NONE/- text/html
>
>
> Any HELP please...
>
>
>
>> We have a similar setup on one VLAN, with squid on linux
>> authenticating
>> users using active directory. We've seen lots of
>> issues with Java not
>> being able to authenticate.
>>
>> Testing the page you're talking about (albeit with a linux
>> desktop), I get
>> a java popup window asking me for my AD
>> username/password/domain, I type it
>> in but repeatedly it fails.
>>
>> The squid access.log says:
>>
>> 1251204847.837 0 172.16.1.3
>> TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 -
>> NONE/- text/html
>> 1251204847.842 0 172.16.1.3
>> TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 -
>> NONE/- text/html
>>
>> I'm not sure if these lines in cache.log are relevant or
>> not.
>>
>> [2009/08/25 13:42:00, 1]
>> libsmb/ntlmssp.c:ntlmssp_update(267)
>> got NTLMSSP command 3, expected 1
>> [2009/08/25 13:42:00, 1]
>> libsmb/ntlmssp.c:ntlmssp_update(267)
>> got NTLMSSP command 3, expected 1
>> [2009/08/25 13:42:01, 1]
>> libsmb/ntlmssp.c:ntlmssp_update(267)
>> got NTLMSSP command 3, expected 1
>> [2009/08/25 13:42:01, 1]
>> libsmb/ntlmssp.c:ntlmssp_update(267)
>> got NTLMSSP command 3, expected 1
>> [2009/08/25 13:47:02, 1]
>> libsmb/ntlmssp.c:ntlmssp_update(267)
>> got NTLMSSP command 3, expected 1
>>
>> My usual workaround is to add an ACL for that site which is
>> far from ideal.
>> I've added the following ACL:
>>
>> acl dailyfx dstdomain
>> balancer.netdania.com
>> http_access allow dailyfx CONNECT
>>
>> That works around the issue for me. I still get
>> prompted for the username
>> and password and the logs suggest some traffic isn't
>> getting through.
>>
>> 1251205769.600 14385 172.16.1.3 TCP_MISS/000 7263
>> CONNECT balancer.netdania.com:443 -
>> FIRST_UP_PARENT/172.20.2.3 - 1251205771.233
>> 1 172.16.1.3 TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> - NONE/- text/html
>> 1251205771.239 3 172.16.1.3
>> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> - NONE/- text/html
>> 1251205771.516 277 172.16.1.3 TCP_MISS/200
>> 1443 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip
>> 1251205774.813 55 172.16.1.3
>> TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> - NONE/- text/html
>> 1251205774.816 0 172.16.1.3
>> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> - NONE/- text/html
>> 1251205776.537 1721 172.16.1.3
>> TCP_MISS/200 1125 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip
>> 1251205779.681 1 172.16.1.3
>> TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> - NONE/- text/html
>> 1251205779.685 1 172.16.1.3
>> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
>> - NONE/- text/html
>>
>> If I drop the word CONNECT I get no errors at all, but that
>> disables
>> authentication entirely for that site.
>>
>> There is definitely some issue with austhentication and
>> Java. I'm not sure
>> if it might actually be Authentication+Java+SSL. Our
>> problems are
>> generally with java-driven online banking applications.
>>
>> Gavin
>>
>>
>>
>
>
>
>
Received on Tue Sep 01 2009 - 11:33:48 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 12:00:05 MDT