Matias Chris wrote:
> Hello All,
>
> I'm currently in the process of changing the way we authenticate users
> from LDAP to NTLMSSP. Now we are in test phase and while ntlm auth is
> working fine and allowing all users that are already logged to the AD
> Domain to access the web without asking for their credentials, I'm
> seeing a lot of denied attempts at the log.
> It's like for every page visited I have now two log entries, one is
> denied, and the other one is allowed.
>
That's due to the design of NTLM. See
http://devel.squid-cache.org/ntlm/client_proxy_protocol.html
> Is there any way to tweak squid to avoid doing this? AD DC is on the
> same physical LAN.
>
I suppose you could refrain from logging 407 responses...
> 1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST
> http://mail.google.com/a/matiaschris.com.ar/channel/bind? - NONE/-
> text/html
> 1227614261.218 188 127.0.0.1 TCP_MISS/200 351 POST
> http://mail.google.com/a/matiaschris.com.ar/channel/bind? mchrist
> DIRECT/66.102.9.18 text/html
>
> Any help will be much appreciated. Thanks.
>
Chris
Received on Wed Nov 26 2008 - 20:33:23 MST
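
Added example, not part of the original thread or of Squid: instead of dropping every 407 from the log, a reviewer can separate the 407s that belong to the NTLM handshake (the same client repeats the same request and gets through with a username) from 407s that were never followed by a successful request. The log lines are constructed in the same native format as the two quoted above; the 5-second window and the function names are assumptions.

```python
# Constructed sample in Squid's native access.log format (one entry per line).
SAMPLE_LOG = """\
1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST http://mail.example.com/channel/bind? - NONE/- text/html
1227614261.218 188 127.0.0.1 TCP_MISS/200 351 POST http://mail.example.com/channel/bind? alice DIRECT/192.0.2.18 text/html
1227614300.000 0 127.0.0.1 TCP_DENIED/407 2083 GET http://www.example.com/ - NONE/- text/html
"""

WINDOW = 5.0  # assumed: seconds within which the authenticated retry must appear


def parse(line):
    """Split one native-format line into the fields this check needs."""
    f = line.split()
    if len(f) < 10:
        return None  # skip truncated or wrapped lines
    return {"ts": float(f[0]), "client": f[2], "status": f[3].rsplit("/", 1)[-1],
            "method": f[5], "url": f[6], "user": f[7], "raw": line}


def classify_407(log_text, window=WINDOW):
    """Return (handshake, unresolved) lists of 407 entries.

    A 407 counts as handshake noise when the same client repeats the same
    method and URL with a username and a non-407 status within `window` seconds.
    """
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    handshake, unresolved = [], []
    for i, e in enumerate(entries):
        if e["status"] != "407":
            continue
        key = (e["client"], e["method"], e["url"])
        answered = any(
            (n["client"], n["method"], n["url"]) == key
            and n["status"] != "407" and n["user"] != "-"
            and 0 <= n["ts"] - e["ts"] <= window
            for n in entries[i + 1:]
        )
        (handshake if answered else unresolved).append(e)
    return handshake, unresolved


if __name__ == "__main__":
    ok, bad = classify_407(SAMPLE_LOG)
    print(f"{len(ok)} handshake 407s suppressed, {len(bad)} left for review")
    for e in bad:
        print(e["raw"])
```

The unresolved list is the part worth keeping an eye on: a client that keeps producing 407s without ever presenting valid credentials looks different from the normal challenge/response pair.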