Squid 2.5 - ASPX Pages and NTLM Authentication.

Hi All.

I'm running a Squid 2.5 Proxy server, on RH 9, authenticating against an NT domain, using Winbind.
I've got internal load balancing, running 4 squid processes, and assigning incoming requests via IPTABLES.
Everything is running smoothly, so far, other than 1 single .net webpage.
I can supply the page on request.
On this page, the users should be presented with a login prompt.
However, my users are presented with a HTTP 401.2 error, You are not authorized to view this page.
I've spoken to the web developers, and this page is attempting to authenticate through NTLM.

I've added this site to my trusted sites, but this makes no difference. I've had the developers run basic authentication, and I can then access the site, however, they are not willing to leave it as basic, for valid security reasons.

Can produce squid.conf or other information when requested.

Thanks for your help!



mvanryanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

methabhayaCommented:

Hi,
 First of all there is an issue with SQUID and NTLM. Squid cannot cache those requests. To make this work you need to setup squid so that is bypass this site for caching. (Access lists., no_cache option)

Also if your site has specific IP addresses configured as valid clients then when you access it through squid the site get's the SQUID address and not the client machine address, so that might prevent it.

Another thing you could try is to redirect using iptables all traffic directed to this site away from the squid proxy.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mvanryanAuthor Commented:
Thanks, I acutally managed to convince the vendor to move to SSL, instead of using NTLM authentication.
I had previously tried adding the domain to the no-auth required list of sites, but this had not worked.
In any case the issue was resolved, and seeing you had the only comment.... Thanks :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.