Re: [squid-users] squid using NTLM Authentication - failed to access sites that required authentication

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 12 Apr 2001 21:34:11 +1000

That's unexpected. It works fine for authenticated sites using both
basic and digest authentication.

You're not trying to do "transparent proxying" and authentication at the
same time are you?

The error about fixErrorHeader: state 4 indicates that an _already_
authenticated client is sending authentication again.

a) This should have been trapped earlier on in squid - I'll look into
that.
b) That is very bad behaviour on the client's part - or you are using
transparent caching.

Rob

----- Original Message -----
From: "Boris Segal" <BORISSE@amdocs.com>
To: <squid-users@squid-cache.org>
Sent: Thursday, April 12, 2001 10:29 PM
Subject: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

> Hello,
>
> We are using squid proxy (Version 2.5) on Solaris 2.8 X86 platform.
>
> the squid run with NTLM authentication mode for internal users
> authentication - this works fine.
>
> But, when trying to access web sites that require user Authentication (by
> opening new Authentication window) we failed.
>
> site for example: http://www.baker.edu/administration/ininfo/
>
> we get : The page cannot be displayed error page
>
> when not using the NTLM Authentication on the proxy we manage to get to
> those sites.
>
> (https sites and sites that run a cgi authentication work fine also - the
> problem exists only when the other side require
>
> In the squid debug log we get :
>
> 2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
>
> 2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
>
> 2001/03/18 12:13:03| WARNING: Closing open FD 17
>
> 2001/03/18 12:13:03| Finished. Wrote 20005 entries.
>
> 2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
>
> FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
>
> Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
>
> It seems that squid is restarting itself during this problem, that's
> why we get the error : the page can't be displayed.
>
>
>
> Any ideas ?
>
> should we configure somehow the header in such a way that the proxy won't
> pass it to the remote site ?
>
> does the proxy actually pass the username that was taken from the header
> (while authenticate) to the remote site ?
>
>
>
> Any help will be appreciated.
>
> Thank you,
>
> Boris Segal
>
>
Received on Thu Apr 12 2001 - 05:34:54 MDT
