Hello Amos, Markus, all, Just as a side note - I also suffered from this error sometime before with Edge and our custom NTLM relay to domain controllers (run as auth helper by Squid). The strange thing it went away after installing some (unknown) Windows update.
I do have the "auth_param ntlm keep_alive off" in the config though. It all makes me quite suspicious the error was/is in Edge or in my curly hands. Best regards, Rafael Akchurin Diladele B.V. -----Original Message----- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Thursday, March 9, 2017 5:12 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] microsoft edge and proxy auth not working On 8/03/2017 11:28 p.m., Rietzler, Markus (RZF, Aufg 324 / <RIETZLER_SOFTWARE>) wrote: > i should add that we are using squid 3.5.24. > Try with "auth_param ntlm keep_alive off". Recently the browsers have been needing that. Though frankly I am surprised if Edge supports NTLM at all. It was deprecated in April 2006 and MS announced removal was being actively pushed in all thier software since Win7. > >> -----Ursprüngliche Nachricht----- >> Von: Rietzler, Markus >> >> we have some windows 10 clients using microsoft edge browser. >> access to internet is only allowed for authenticated users. we are >> using samba/winbind auth >> >> auth_param ntlm program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5- ntlmssp auth_param ntlm children 64 >> startup=24 idle=12 auth_param ntlm keep_alive on acl auth_user >> proxy_auth REQUIRED >> >> on windows 10 clients with IE11 it is working (with ntlm automatic >> auth) on the same machine, with Microsoft edge I get TCP_Denied/407 message. >> seems I only get one single TCP_DENIED/407 line in accesslog and an >> auth dialog pops up. I have disabled basic auth via ntlm. >> shouldn't there be 3 lines for proxy auth? with IE11 I see those >> three lines (2x TCP_DENIED/407 and 1x TCP_MISS/200), no popup at all. Not specifically. There should be 1+ for NTLM. Success with NTLM shows 2+. Failure shows 1 or 3 or infinite loop (hello Safari and Firefox 30-ish). >> >> winbind/samba itself seems to work, as I can do an user auth against >> apache with winbind/samba - even over some squid proxies with >> connection-auth allowed. but not for proxy-auth. >> is there any option in squid.conf which prevents Edge to do a >> successful auth? If other software succeeds then the only thing that might be related is the keep-alive option mentioned above. Otherwise the problem is in Edge itself. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
