Solved

Squid 2.5 - ASPX Pages and NTLM Authentication.

Posted on 2004-10-19
2
1,371 Views
Last Modified: 2008-01-09
Hi All.

I'm running a Squid 2.5 Proxy server, on RH 9, authenticating against an NT domain, using Winbind.
I've got internal load balancing, running 4 squid processes, and assigning incoming requests via IPTABLES.
Everything is running smoothly, so far, other than 1 single .net webpage.
I can supply the page on request.
On this page, the users should be presented with a login prompt.
However, my users are presented with a HTTP 401.2 error, You are not authorized to view this page.
I've spoken to the web developers, and this page is attempting to authenticate through NTLM.

I've added this site to my trusted sites, but this makes no difference. I've had the developers run basic authentication, and I can then access the site, however, they are not willing to leave it as basic, for valid security reasons.

Can produce squid.conf or other information when requested.

Thanks for your help!



0
Comment
Question by:mvanryan
2 Comments
 
LVL 2

Accepted Solution

by:
methabhaya earned 400 total points
ID: 12421688

Hi,
 First of all there is an issue with SQUID and NTLM. Squid cannot cache those requests. To make this work you need to setup squid so that is bypass this site for caching. (Access lists., no_cache option)

Also if your site has specific IP addresses configured as valid clients then when you access it through squid the site get's the SQUID address and not the client machine address, so that might prevent it.

Another thing you could try is to redirect using iptables all traffic directed to this site away from the squid proxy.
0
 

Author Comment

by:mvanryan
ID: 12489068
Thanks, I acutally managed to convince the vendor to move to SSL, instead of using NTLM authentication.
I had previously tried adding the domain to the no-auth required list of sites, but this had not worked.
In any case the issue was resolved, and seeing you had the only comment.... Thanks :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question