RE: [squid-users] FW: Squid, NT Domains and non logged in systems
On Fri, 12 Dec 2003 [EMAIL PROTECTED] wrote: > I checked the systems that were affected and they were already up to date > with the lastest, according to windows update. Any other ideas? Not really, other than if there is no traffic to the proxy then the browser is almost certainly broken.. but it is a thin line as the ntlm authentication "scheme" is digging around in Windows internal NTLMSSP authenticaiton protocols completely without any official documentation.. Regards Henrik
RE: [squid-users] FW: Squid, NT Domains and non logged in systems
I checked the systems that were affected and they were already up to date with the lastest, according to windows update. Any other ideas? Austin Wolfe -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 1:34 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] FW: Squid, NT Domains and non logged in systems On Fri, 12 Dec 2003 [EMAIL PROTECTED] wrote: > > access the proxy. If they shut down IE and try again, it will function > > until the next deny. I have had them try to access the proxy without using > > wpad.dat and they still get the same issue. I have another proxy that does > > not require authentication and the problem does not occur. I then had them > > log their system into a domain, they get prompted for the username > > password / domain, which they enter and the problem does not occur. How do > > I resolve this? First try applying the latest security update for MSIE if you have not already. This includes several bugfixes in how MSIE maintains authentication to proxies. Regards Henrik
Re: [squid-users] FW: Squid, NT Domains and non logged in systems
On Fri, 12 Dec 2003 [EMAIL PROTECTED] wrote: > > access the proxy. If they shut down IE and try again, it will function > > until the next deny. I have had them try to access the proxy without using > > wpad.dat and they still get the same issue. I have another proxy that does > > not require authentication and the problem does not occur. I then had them > > log their system into a domain, they get prompted for the username > > password / domain, which they enter and the problem does not occur. How do > > I resolve this? First try applying the latest security update for MSIE if you have not already. This includes several bugfixes in how MSIE maintains authentication to proxies. Regards Henrik
[squid-users] FW: Squid, NT Domains and non logged in systems
> -Original Message- > From: Wolfe, Austin > Sent: Friday, December 12, 2003 11:10 AM > To: '[EMAIL PROTECTED]' > Subject: Squid, NT Domains and non logged in systems > > Hello, > I am running Squid version 2.5.STABLE2 on a linux Slackware version > 9.1 server. It has been running fine but I am in the process of locking > down all of my VLANS and forcing users to access web sites via the proxy > servers. I have several NT domains and I have NTLM , winbindd and smb > running with no problems. Today I have been working with several users who > are having a problem. They do not have their workstations log into any > domain on my network. They log in with a local account. When they open up > the web browser, they get prompted for a user name a password / domain > which they supply. They start accessing the web but then a strange thing > occurs. If they hit a page that the proxy denies, they click on their back > button, see the previous page and then when they click on another link or > try to go to another site the browser seems to lock. I have watched the > logs while this ocurs and when it locks, their system does no seem to > access the proxy. If they shut down IE and try again, it will function > until the next deny. I have had them try to access the proxy without using > wpad.dat and they still get the same issue. I have another proxy that does > not require authentication and the problem does not occur. I then had them > log their system into a domain, they get prompted for the username > password / domain, which they enter and the problem does not occur. How do > I resolve this? > > Network and system stats and versions: > > Squid Version 2.5.STABLE2 > Linux Slackware 9.1 > Workstations are running Win2k with IE 6.0 > I have smb, winbind and NTLM configured and running. > I am using wpad.dat > > Thank You, > Austin Wolfe >