Re: [squid-users] connection-auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 08 Mar 2011 14:28:33 +1300

 On Mon, 07 Mar 2011 17:14:40 -0600, Vernon A. Fort wrote:
> My setup is a non-transparent proxy running gentoo. Simply put, if
> you
> want to browse, set the proxy option in your browser. With that
> said,
> we have had difficulty in connecting to a share point site/server for
> one of our external groups. We had already set the
> connection-auth=on
> to fix a similar issue a few months back, but we cannot connect to
> this
> site from windows 7 pro with ANY browser. We 'can' connect from the
> windows XP desktops, just not from windows 7. I have try to toggle
> on/off the pipeline_prefetch with no success.
>
> I've tried both versions 3.1.9 and 3.1.8. Even with a default
> squid.conf in a different networks on both IE 8 and 9(beta). Again,
> will work with XP but not on windows 7 pro (with or without s
>
> Can someone point me to some additional documentation or pointers?
>
> Vernon

 What do you mean by "external groups"? people accessing from out on
 the Internet?

 NP: NTLM does not work reliably across the wide Internet due to its
 design as a LAN protocol. Kerberos is only slightly better over WAN.

 The key authentication difference between XP and Win7 is NTLM. In Win7
 it has been outright removed from some services (the Server ones) and
 downgraded in all others (client services) to require manual
 configuration turning back on.
  The recommended path is to add Kerberos alongside NTLM until you can
 turn off NTLM entirely. If you absolutely cant start the transition to
 Kerberos then doing that manual configuration of Windows Vista or later
 boxes is required to downgrade their security.

 Amos
Received on Tue Mar 08 2011 - 01:28:37 MST

This archive was generated by hypermail 2.2.0 : Tue Mar 08 2011 - 12:00:01 MST