Re: [squid-users] Squid 3 with AD Integration has Sharepoint Access problem!!

From: Go Wow <gowows_at_gmail.com>
Date: Wed, 23 Mar 2011 23:18:07 +0400

All my problems seems to be getting resolved.

NTLM_AUTH still doesnt bypass my sharepoint server. I made use of PAC
file to bypass it.

here is the copy of it

function FindProxyForURL(url,host) {if
(shExpMatch(url,"*Sharepointserver*") ||
shExpMatch(url,"*mylocaldomain*") || shExpMatch(url,"*intranet*") ||
shExpMatch(url,"*192.168.*")) return "DIRECT"; else return "PROXY
192.168.10.95:3128";}

I made it in one line without wrapping. replace "Sharepointserver"
with your "sharepoint server name" and "mylocaldomain" with your
"local domain name" which should something like mycompany.com

Regards

On 22 March 2011 10:34, Go Wow <gowows_at_gmail.com> wrote:
> Below is the complete log. This is for one request to the sharepoint
> from squid, at the end it pops for username/pass
>
> 1300775478.267      1 192.168.50.123 TCP_DENIED/407 4268 GET
> http://sharepoint/ - NONE/- text/html
> 1300775478.277      2 192.168.50.123 TCP_DENIED/407 4598 GET
> http://sharepoint/ - NONE/- text/html
> 1300775478.289      8 192.168.50.123 TCP_MISS/401 1729 GET
> http://sharepoint/ DOMAIN\james.watson DIRECT/192.168.100.64 text/html
> 1300775478.311      1 192.168.50.123 TCP_DENIED/407 4360 GET
> http://sharepoint/ - NONE/- text/html
> 1300775478.318      2 192.168.50.123 TCP_DENIED/407 4690 GET
> http://sharepoint/ - NONE/- text/html
> 1300775478.329      7 192.168.50.123 TCP_MISS/401 1050 GET
> http://sharepoint/ DOMAIN\james.watson DIRECT/192.168.100.64 text/html
> 1300775478.344      1 192.168.50.123 TCP_DENIED/407 5014 GET
> http://sharepoint/ - NONE/- text/html
> 1300775478.351      2 192.168.50.123 TCP_DENIED/407 5344 GET
> http://sharepoint/ - NONE/- text/html
> 1300775478.362      7 192.168.50.123 TCP_MISS/401 1729 GET
> http://sharepoint/ DOMAIN\james.watson DIRECT/192.168.100.64 text/html
>
>
>
> On 21 March 2011 09:59, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 21/03/11 18:16, Go Wow wrote:
>>>
>>> Sharepoint is integrated with NTLM, normally it doesn't ask for
>>> username and password. Also if we enter username and password when the
>>> pop up comes then its not accepting. Why does it allow some users and
>>> block others? Just to mention I changed my squid3 config to add NTLM
>>> support with 2 auth_param basic and NTLM. Is this the cause of
>>> problem??
>>
>> That change might make a browser bug visible. I have not seen any other
>> cases of it though.
>>  The proxy login and the server login are completely separate in HTTP and
>> Squid. The browser *should* be considering each to be separate and sending
>> the right ones.
>>
>>
>> Browser only sends credentials when they have to. First nothing, which squid
>> 407 challenges. Then just the proxy ones which the server 401 challenges.
>> Then both, which works.
>>
>> So what you see in the logs would be:
>>   TCP_MISS/407 1729 GET http://spserver/ - NONE/-
>>   TCP_MISS/401 1729 GET http://spserver/ DOMAIN-NAME\User.Name
>> DIRECT/192.168.50.124 text/html
>>   TCP_MISS/200 4567 GET http://spserver/ DOMAIN-NAME\User.Name
>> DIRECT/192.168.50.124 text/html
>>  ...
>>
>>
>> Amos
>> --
>> Please be using
>>  Current Stable Squid 2.7.STABLE9 or 3.1.11
>>  Beta testers wanted for 3.2.0.5
>>
>
Received on Wed Mar 23 2011 - 19:18:17 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 24 2011 - 12:00:04 MDT