[squid-users] squid2.5-pre3 Accelerator & IIS 5 NTLM authentication always denies access to IIS site

From: Philipp Snizek <mailinglists@dont-contact.us>
Date: Wed, 30 Jan 2002 18:41:44 +0100

Hi list users

I hope somebody here made the same experience as me and has a solution for
that:

        Win2k Server & Exchange 2k
        Outlook Web Access
                10.0.0.10
                    |
                    |
                10.0.0.2
            Squid2.5-pre3
            Accelerator
          192.168.1.3
                |
                    |
                192.168.1.1
                Router
                Public IP
                    |
                    |
                  INET

Squid accelerator works fine accelerating normal http sites on IIS 5.
There's just this problem:
As soon as IIS 5 wants user authentication for Exchange 2k Outlook Web
Access, access is always denied. If traffic is normally routed (not via
squid proxy) NT5 authentication works fine and access to Outlook Web Access
is granted. Also, IIS 4 and Exchange 5.5 Outlook Web Access via squid 2.5
pre-3 worked well.
I sniffed the connection to find out what's wrong with the user
authentication and found out that win2k uses NTLM for authentication which
is new in win2k. I assume squid has a problem with this kind of
authentication.
Does the IIS 5 authentication work with older squid versions that don't
support SSL?

Please give me a hint what I have to change to make the authentication work
over the squid proxy.

Thanx a lot
Philipp
Received on Wed Jan 30 2002 - 10:41:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:00 MST