?
Solved

Squid and Web Login Prompts

Posted on 2003-03-11
11
Medium Priority
?
2,806 Views
Last Modified: 2007-12-19
Hello,

We are using Squid as our proxy server. If someone goes to a site which has a pop up logon window, this pop up never comes up and the page says access denied from the server. This isn't our local access denied message. It's the message you get if you were to put in a bad username and/or password. I've added the site in question to our safe list and this didn't make any difference. Any ideas on how I can get this to work correctly through Squid?

Thank you!!
Naomi
0
Comment
Question by:naomiking
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 8118723
is this a NTLM authentificatiopn (NT-Domain, w2k)?
then read
  http://www.squid-cache.org/Doc/FAQ/FAQ.html
in particular chapter 23. Authentification
0
 

Author Comment

by:naomiking
ID: 8122824
Thank you, ahoffman, for your response. I read through chapter 23 and this seems to be talking about authenticating on a server in a domain that I can control, such as my local windows domain. The problem is that this server is a vendor somewhere out on the Internet that has given one of my users a username and password. From the error message that comes up, I believe it is a Windows based server that is doing the authentication.  The username and password she was given isn't anything like her domain usename and password.  Did I read this wrong or do you have any other ideas?  Thanks!
0
 

Author Comment

by:naomiking
ID: 8123228
Thank you, ahoffman, for your response. I read through chapter 23 and this seems to be talking about authenticating on a server in a domain that I can control, such as my local windows domain. The problem is that this server is a vendor somewhere out on the Internet that has given one of my users a username and password. From the error message that comes up, I believe it is a Windows based server that is doing the authentication.  The username and password she was given isn't anything like her domain usename and password.  Did I read this wrong or do you have any other ideas?  Thanks!
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 

Author Comment

by:naomiking
ID: 8123233
Sorry for the repeat...hit refresh on the wrong page!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8128664
either you use a sniffer like tcpdump or ethereal to see the packets, or probably it is enough if you can get and see the HTTP headers exchanged between client and server.
HTTP headers can simply be shown with mozilla 1.x with LifeHTTPheader plugin, or with the proxomitron proxy (both on client).
0
 

Expert Comment

by:bluethought
ID: 8175711
Hmm are you sure the page from the server is an Authorization Required (401) page (which is loaded when a valid user/pass is not presented)...when you say access denied, it sounds like a HTTP 403 Forbidden page. Which is loaded if the remote server in question has blocked out your proxy...this can happen if there were too many failed login attempts from your proxy etc. Or they might have blocked your ip block / isp for some reason.
Could you check that 401?

bt
0
 

Author Comment

by:naomiking
ID: 8203567
This is the error I get:
You are not authorized to view this page
You do not have permission to view this directory or page using the credentials you supplied.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button to try again with different credentials.
If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the www.sultanchemists.com home page.
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Background:
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource.

More information:
Microsoft Support
 

When I turn off the proxy server in the browser it works fine. Do you think this is something that needs to be addressed on the webserver side?  

If I hit cancel when the login window pops up, I am sent to this same page.

Thanks!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8203821
mickeysoft, so it might be NTLM authentification, as I asked in my very first posting.
Did you verify?
0
 

Expert Comment

by:hcremer
ID: 15105550
I am so pitty, i have payed for this. You will find the answer in:

http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
0

Featured Post

Learn by Doing. Anytime. Anywhere.

Do you like to learn by doing?
Our labs and exercises give you the chance to do just that: Learn by performing actions on real environments.

Hands-on, scenario-based labs give you experience on real environments provided by us so you don't have to worry about breaking anything.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question