Solved

Squid 2.5 - ASPX Pages and NTLM Authentication.

Posted on 2004-10-19
2
1,381 Views
Last Modified: 2008-01-09
Hi All.

I'm running a Squid 2.5 Proxy server, on RH 9, authenticating against an NT domain, using Winbind.
I've got internal load balancing, running 4 squid processes, and assigning incoming requests via IPTABLES.
Everything is running smoothly, so far, other than 1 single .net webpage.
I can supply the page on request.
On this page, the users should be presented with a login prompt.
However, my users are presented with a HTTP 401.2 error, You are not authorized to view this page.
I've spoken to the web developers, and this page is attempting to authenticate through NTLM.

I've added this site to my trusted sites, but this makes no difference. I've had the developers run basic authentication, and I can then access the site, however, they are not willing to leave it as basic, for valid security reasons.

Can produce squid.conf or other information when requested.

Thanks for your help!



0
Comment
Question by:mvanryan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
methabhaya earned 400 total points
ID: 12421688

Hi,
 First of all there is an issue with SQUID and NTLM. Squid cannot cache those requests. To make this work you need to setup squid so that is bypass this site for caching. (Access lists., no_cache option)

Also if your site has specific IP addresses configured as valid clients then when you access it through squid the site get's the SQUID address and not the client machine address, so that might prevent it.

Another thing you could try is to redirect using iptables all traffic directed to this site away from the squid proxy.
0
 

Author Comment

by:mvanryan
ID: 12489068
Thanks, I acutally managed to convince the vendor to move to SSL, instead of using NTLM authentication.
I had previously tried adding the domain to the no-auth required list of sites, but this had not worked.
In any case the issue was resolved, and seeing you had the only comment.... Thanks :)
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Debian: failing to add netwok bridge for kvm 2 118
Linux DNS problems 23 578
Monitor Aliased network interface bandwitch CentOS 4 111
grep command usage 10 35
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question