Re: [squid-users] NTLM Auth and not authenticated pages

From: Matias Chris <lists_at_matiaschris.com.ar>
Date: Thu, 27 Nov 2008 15:22:25 -0200

Chris,
Thanks, that pretty much cleared my doubt.

On Wed, Nov 26, 2008 at 6:33 PM, Chris Robertson <crobertson_at_gci.net> wrote:
> Matias Chris wrote:
>>
>> Hello All,
>>
>> I'm currently in the process of changing the way we authenticate users
>> from LDAP to NTLMSSP. Now we are in test phase and while ntlm auth is
>> working fine and allowing all users that are already logged to the AD
>> Domain to access the web without asking for their credentials, I'm
>> seeing a lot of denied attempts at the log.
>> It's like for every page visited I have now two log entries, one is
>> denied, and the other one is allowed.
>>
>
> That's due to the design of NTLM. See
> http://devel.squid-cache.org/ntlm/client_proxy_protocol.html
>
>> Is there any way to tweak squid to avoid doing this? AD DC is on the
>> same physical LAN.
>>
>
> I suppose you could refrain from logging 407 responses...
>
>> 1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST
>> http://mail.google.com/a/matiaschris.com.ar/channel/bind? - NONE/-
>> text/html
>> 1227614261.218 188 127.0.0.1 TCP_MISS/200 351 POST
>> http://mail.google.com/a/matiaschris.com.ar/channel/bind? mchrist
>> DIRECT/66.102.9.18 text/html
>>
>> Any help will be much appreciated. Thanks.
>>
>
> Chris
>
Received on Thu Nov 27 2008 - 17:22:29 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 27 2008 - 12:00:03 MST
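
Added example, not part of the original thread: rather than dropping every 407 from the log, a reviewer can pair each anonymous TCP_DENIED/407 with the authenticated retry of the same request and keep only the denials that were never followed by one. The sample lines are constructed (the first two follow the pair quoted above), and the 5-second pairing window and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format. The first two lines
# follow the pair quoted in the thread; the remaining three are made up.
SAMPLE_LOG = """\
1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST http://mail.google.com/a/matiaschris.com.ar/channel/bind? - NONE/- text/html
1227614261.218 188 127.0.0.1 TCP_MISS/200 351 POST http://mail.google.com/a/matiaschris.com.ar/channel/bind? mchrist DIRECT/66.102.9.18 text/html
1227614300.100 0 192.0.2.10 TCP_DENIED/407 2083 GET http://example.com/ - NONE/- text/html
1227614300.150 0 192.0.2.10 TCP_DENIED/407 2083 GET http://example.com/ - NONE/- text/html
1227614400.000 0 192.0.2.10 TCP_DENIED/403 1500 GET http://blocked.example/ jdoe NONE/- text/html
"""

WINDOW = 5.0  # assumed: seconds allowed between a 407 and the authenticated retry


def parse(line):
    """Split one native-format line into the fields used for pairing."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    if not status.isdigit():
        return None
    return {"ts": float(f[0]), "client": f[2], "code": code, "status": int(status),
            "method": f[5], "url": f[6], "user": f[7]}


def classify(log_text, window=WINDOW):
    """Return (handshake_407s, unresolved_407s, other_denials)."""
    handshake, unresolved, other = [], [], []
    pending = defaultdict(list)  # (client, method, url) -> anonymous 407 entries
    for e in filter(None, map(parse, log_text.splitlines())):
        key = (e["client"], e["method"], e["url"])
        if e["status"] == 407 and e["user"] == "-":
            pending[key].append(e)
            continue
        if e["user"] != "-" and e["status"] != 407:
            # Same request came back with a user name: earlier 407s were challenges.
            for p in pending.pop(key, []):
                (handshake if e["ts"] - p["ts"] <= window else unresolved).append(p)
        if e["code"] == "TCP_DENIED":
            other.append(e)  # denied for a reason other than the anonymous challenge
    for entries in pending.values():
        unresolved.extend(entries)  # never followed by an authenticated request
    return handshake, unresolved, other


if __name__ == "__main__":
    hs, un, ot = classify(SAMPLE_LOG)
    print(f"handshake 407s: {len(hs)}, unresolved 407s: {len(un)}, other denials: {len(ot)}")
```

The unresolved list is the part worth reviewing: clients that were challenged and never completed authentication.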