[squid-users] error 401 when going via squid ???
Hi I have a client that when he tries to access agentdeal.marvel.com the web server (IIS) does give a login prompt as it should and instead returns a 401 error. squid access logs 1226493177.205 2413 192.168.1.54 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226493178.700 1256 192.168.1.54 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226493181.792 1369 192.168.1.54 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226493257.082 4573 192.168.1.54 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226493679.353 1306 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226493680.560 1068 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226494460.532 3644 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/ - DIRECT/65.202.37.147 text/html 1226494460.975347 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226494463.518346 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226494463.960341 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226494464.332338 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226494521.459350 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226494563.667397 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226494784.619 1406 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226494803.850869 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226494818.346 1700 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226496149.953608 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226496150.337335 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226496153.533541 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147 text/html 1226496170.539336 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226496174.885332 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226496372.749672 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html 1226496390.734476 192.168.1.10 TCP_MISS/401 2199 GET http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html I get the same problem with our proxy and some other people have this problem when, behind squid proxy's . Many thanks Greg
Re: [squid-users] error 401 when going via squid ???
On Wed, Nov 12, 2008 at 3:32 PM, Gregory Machin <[EMAIL PROTECTED]> wrote: > Hi Hello Greg, > I have a client that when he tries to access agentdeal.marvel.com the > web server (IIS) does give a login prompt as it should and instead > returns a 401 error. [...] > I get the same problem with our proxy and some other people have this > problem when, behind squid proxy's . What version of Squid, and is IIS trying to offer "Integrated Microsoft Windows Authentication" (a.k.a. NTLM)? -- /kinkie
Re: [squid-users] error 401 when going via squid ???
Yes I would assume that the issue is related to "Integrated Microsoft Windows Authentication" (a.k.a. NTLM) or something M$ cooked up Squid Cache: Version 2.6.STABLE4 configure options: '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools' '--enable-linux-netfilter' '--with-pthreads' '--enable-ntlm-auth-helpers=SMB,fakeauth' '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' '--enable-auth=basic,digest,ntlm' '--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge' '--enable-useragent-log' '--enable-referer-log' '--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost' '--enable-underscores' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL' '--enable-cache-digests' '--enable-ident-lookups' '--with-large-files' '--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config' '--with-maxfd=16384' 'CFLAGS=-fPIE -Os -g -pipe -fsigned-char' 'LDFLAGS=-pie' 'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu' 'target_alias=i386-redhat-linux-gnu' thanks On Wed, Nov 12, 2008 at 8:09 PM, Kinkie <[EMAIL PROTECTED]> wrote: > On Wed, Nov 12, 2008 at 3:32 PM, Gregory Machin <[EMAIL PROTECTED]> wrote: >> Hi > > Hello Greg, > >> I have a client that when he tries to access agentdeal.marvel.com the >> web server (IIS) does give a login prompt as it should and instead >> returns a 401 error. > > [...] > >> I get the same problem with our proxy and some other people have this >> problem when, behind squid proxy's . > > What version of Squid, and is IIS trying to offer "Integrated > Microsoft Windows Authentication" (a.k.a. NTLM)? > > > -- >/kinkie >
Re: [squid-users] error 401 when going via squid ???
Could you try a more recent version of squid? I don't think that 2.6S4 supports proxying content when the server only offers ntlm authentication On 11/13/08, Gregory Machin <[EMAIL PROTECTED]> wrote: > Yes I would assume that the issue is related to "Integrated Microsoft > Windows Authentication" (a.k.a. NTLM) or something M$ cooked up > > Squid Cache: Version 2.6.STABLE4 > configure options: '--build=i686-redhat-linux-gnu' > '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' > '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' > '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' > '--includedir=/usr/include' '--libdir=/usr/lib' > '--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com' > '--mandir=/usr/share/man' '--infodir=/usr/share/info' > '--exec_prefix=/usr' '--bindir=/usr/sbin' > '--libexecdir=/usr/lib/squid' '--localstatedir=/var' > '--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-epoll' > '--enable-snmp' '--enable-removal-policies=heap,lru' > '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' > '--with-openssl=/usr/kerberos' '--enable-delay-pools' > '--enable-linux-netfilter' '--with-pthreads' > '--enable-ntlm-auth-helpers=SMB,fakeauth' > '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' > '--enable-auth=basic,digest,ntlm' > '--enable-digest-auth-helpers=password' > '--with-winbind-auth-challenge' '--enable-useragent-log' > '--enable-referer-log' '--disable-dependency-tracking' > '--enable-cachemgr-hostname=localhost' '--enable-underscores' > '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL' > '--enable-cache-digests' '--enable-ident-lookups' '--with-large-files' > '--enable-follow-x-forwarded-for' '--enable-wccpv2' > '--enable-fd-config' '--with-maxfd=16384' 'CFLAGS=-fPIE -Os -g -pipe > -fsigned-char' 'LDFLAGS=-pie' 'build_alias=i686-redhat-linux-gnu' > 'host_alias=i686-redhat-linux-gnu' > 'target_alias=i386-redhat-linux-gnu' > > thanks > > > On Wed, Nov 12, 2008 at 8:09 PM, Kinkie <[EMAIL PROTECTED]> wrote: >> On Wed, Nov 12, 2008 at 3:32 PM, Gregory Machin <[EMAIL PROTECTED]> >> wrote: >>> Hi >> >> Hello Greg, >> >>> I have a client that when he tries to access agentdeal.marvel.com the >>> web server (IIS) does give a login prompt as it should and instead >>> returns a 401 error. >> >> [...] >> >>> I get the same problem with our proxy and some other people have this >>> problem when, behind squid proxy's . >> >> What version of Squid, and is IIS trying to offer "Integrated >> Microsoft Windows Authentication" (a.k.a. NTLM)? >> >> >> -- >>/kinkie >> > -- /kinkie
Re: [squid-users] error 401 when going via squid ???
Kinkie wrote: Could you try a more recent version of squid? I don't think that 2.6S4 supports proxying content when the server only offers ntlm authentication For what it's worth, any 2.6 (or 2.7) release should perform the required connection pinning to proxy NTLM authentication... http://www.squid-cache.org/Versions/v2/2.6/RELEASENOTES.html#toc1 "1. Key changes from squid 2.5 ... Support for proxying of Microsoft Integrated Login (NTLM & Negotiate) connection oriented authentication schemes, enabling access to servers or proxies using such authentication methods." Chris
