On 14/06/11 15:38, Mike Bordignon (GMI) wrote:

Hello

I'm trying to proxy access to a .Net Web application which requires IWA
(Integrated Windows Authentication). From what I understand the server

Not another one. Good luck.

If you have any influence or contact with the devs of that app please help educate them of the safety issues involved with sending users internal machine logins out over the global Internet. And HTTPS is no longer a guarantee of protection.


replies with a WWW-Authenticate header. Squid doesn't appear to be
passing through the Authentication headers to the browser.

Indicating that Squid has detected the TCP links involved do not support that type of auth.


I'm using Squid 3.1.6 on Debian Squeeze. I have read that certain
versions of Squid don't fully support the HTTP/1.1 features necessary to
perform NTLM/Negotiate auth. I have tried the pipeline_prefetch off
option with no luck. The proxy is not operating in transparent mode.

Could anyone point me in the right direction?


pipeline_prefetch is one feature which NTLM auth will break. Make sure that is turned OFF manually.

HTTP/1.0 persistent connections is another. Make sure client_persistent_connections is turned ON manually in 3.1 series. Make sure that server_persistent_connections is REMOVED from your config in 3.1 series, and manually turned ON in 3.0 and earlier.


After that its cross fingers and hope. If you find anything strange still going on, please mention it.

When you encounter a problem the first thing asked will be to verify it on the latest release. It speeds up the fix a bit if that is where its found.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2

Reply via email to