• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2810
  • Last Modified:

Squid and Web Login Prompts

Hello,

We are using Squid as our proxy server. If someone goes to a site which has a pop up logon window, this pop up never comes up and the page says access denied from the server. This isn't our local access denied message. It's the message you get if you were to put in a bad username and/or password. I've added the site in question to our safe list and this didn't make any difference. Any ideas on how I can get this to work correctly through Squid?

Thank you!!
Naomi
0
naomiking
Asked:
naomiking
1 Solution
 
ahoffmannCommented:
is this a NTLM authentificatiopn (NT-Domain, w2k)?
then read
  http://www.squid-cache.org/Doc/FAQ/FAQ.html
in particular chapter 23. Authentification
0
 
naomikingAuthor Commented:
Thank you, ahoffman, for your response. I read through chapter 23 and this seems to be talking about authenticating on a server in a domain that I can control, such as my local windows domain. The problem is that this server is a vendor somewhere out on the Internet that has given one of my users a username and password. From the error message that comes up, I believe it is a Windows based server that is doing the authentication.  The username and password she was given isn't anything like her domain usename and password.  Did I read this wrong or do you have any other ideas?  Thanks!
0
 
naomikingAuthor Commented:
Thank you, ahoffman, for your response. I read through chapter 23 and this seems to be talking about authenticating on a server in a domain that I can control, such as my local windows domain. The problem is that this server is a vendor somewhere out on the Internet that has given one of my users a username and password. From the error message that comes up, I believe it is a Windows based server that is doing the authentication.  The username and password she was given isn't anything like her domain usename and password.  Did I read this wrong or do you have any other ideas?  Thanks!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
naomikingAuthor Commented:
Sorry for the repeat...hit refresh on the wrong page!
0
 
ahoffmannCommented:
either you use a sniffer like tcpdump or ethereal to see the packets, or probably it is enough if you can get and see the HTTP headers exchanged between client and server.
HTTP headers can simply be shown with mozilla 1.x with LifeHTTPheader plugin, or with the proxomitron proxy (both on client).
0
 
bluethoughtCommented:
Hmm are you sure the page from the server is an Authorization Required (401) page (which is loaded when a valid user/pass is not presented)...when you say access denied, it sounds like a HTTP 403 Forbidden page. Which is loaded if the remote server in question has blocked out your proxy...this can happen if there were too many failed login attempts from your proxy etc. Or they might have blocked your ip block / isp for some reason.
Could you check that 401?

bt
0
 
naomikingAuthor Commented:
This is the error I get:
You are not authorized to view this page
You do not have permission to view this directory or page using the credentials you supplied.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button to try again with different credentials.
If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the www.sultanchemists.com home page.
HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Background:
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource.

More information:
Microsoft Support
 

When I turn off the proxy server in the browser it works fine. Do you think this is something that needs to be addressed on the webserver side?  

If I hit cancel when the login window pops up, I am sent to this same page.

Thanks!
0
 
ahoffmannCommented:
mickeysoft, so it might be NTLM authentification, as I asked in my very first posting.
Did you verify?
0
 
hcremerCommented:
I am so pitty, i have payed for this. You will find the answer in:

http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now