mån 2007-06-25 klockan 17:47 +0200 skrev Joerg Schuetter:
> Browsing the Internet is only permitted after athenticating (NTLM
> w/ ADS). This will run undetected by most users since this part is
> done by the client.
> After upgrading our system to debian Etch (squid=2.6.5-6,
> winbind=3.0.24-6etch4, samba=3.0.24-6etch4) we started having
> some problems (I'll use separate mails for each problem).
>
> When our users try to connect to
> https://keylink.ubs.com/keylink.ubs.com/client/int/startklw.html
> they will not be able to use this service.
> In the log of the proxy I have this line:
> 1182327931.205 0 x.y.z.a TCP_DENIED/400 1614 NONE \
> error:unsupported-request-method - NONE/- text/html
What did cache.log say here?
> Digging a little bit deeper with a sniffer I found that the
> header line CONNECT is missing. The older squid version
> (2.5.12-4) seemed to ignore this.
???
Can you provide a bit more details on that?
> The workaround to keep the users doing their jobs was to grant
> access to ksylink.ubs.com without userauthentication.
> But what's the clean way to solve this?
First I need to understand the problem on the wire level..
But if authentication makes a difference and it worked in earlier Squid
versions using NTLM then try "auth_param ntlm keep_alive off". This
might work around some client brokenness.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT