Re: [squid-users] Authentication Issue with Squid and mixed BASIC/NTLM auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 16 Oct 2008 22:37:21 +1300

Chris Natter wrote:
> We were having issues with spell-check in 3.0, I haven't tried any of
> the development builds to see if it was resolved though in a later
> release.
>
> OWA spell-check just seems to hang when you attempt to spell-check an
> email, or gives the "try again later" prompt. I saw some previous
> postings on the archive of the mailing list, but most of them are very
> outdated.
>
> I'll have to build an RPM of squid 2.7 and check to see if that solves
> both issues.

Ah, now that you mention it I vaguely recall the topic as it flew past a
while back.

Yes, 2.7 is likely the most dependable to have both combos of fixes you
need.

Without knowing the cause the spellcheck issue _may_ have been resolved
in 3.1. Both of the MS workarounds and 'unknown method' support are now
present. If you have a spare moment and are inclined to test it please
let us know the result. If you still hit bad news for 3.1, it's
definitely a bug that needs looking into at some point.

Amos

>
> Thanks for the help.
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Wednesday, October 15, 2008 6:46 PM
> To: Chris Natter
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Authentication Issue with Squid and mixed
> BASIC/NTLM auth
>
>> Hey all,
>>
>> I've got a tough situation I'm hoping someone can help me with.
>>
>> We 'downgraded' from an old 3.0PRE build that a predecessor had set up
>> on a reverse proxy, to squid 2.6.STABLE20. The proxy runs your standard
>> OWA over Reverse Proxy setup, with login=PASS to an OWA backend running
>> with BASIC/NTLM auth. We have to have the NTLM for phones that sync
>> with ActiveSync.
>>
>> It seems like something fundamental has changed in the way squid
>> handles auth from 3.0 to squid 2.6. Using firefox on 2.6, I can auth
>> with just 'USERNAME', with IE on 2.6 we have to type "DOMAINUSERNAME"
>> or "USER_at_DOMAIN" now. Previously, with squid 3.0, just 'USERNAME'
>> would work for auth.
>>
>> While this seems trivial, anything harder than just 'USERNAME' boggles
>> a lot of users. I'm assuming this has something to do with 'attempting
>> NTLM' negotiation? Is there a way around it in squid 2.6?
>>
>
> The cleaner @DOMAIN handling was only added to Squid 2.7+ and 3.0+. You
> will need an upgrade again to one of those versions at least.
>
> What caused you to downgrade though? Perhaps it's been fixed now in 3.1?
>
> Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Thu Oct 16 2008 - 09:37:26 MDT
