Ken Thomson wrote: > The server operates fine, and the authentication works as > expected. My problem lies with the access.log file. > Every request from a client is first denied and then > accepted after being authenticated. This happens to > *EVERY* request.
Yes, this is because of how NTLM authentication works. On each new TCP connection from the browser the following happens 1a. Browser sends request without authentication 1b. Rejected by Squid as there is no authentication, squid proposing to use NTLM 2a. Browser sends request with a NTLM NEGOTIATE packet embedded in the headers 2b. Rejected by Squid with a NTLM CHALLENGE packet embedded in the headers 3a. Browser sends request with a NTLM AUTHENTICATE packet embedded in the headers 3b. Connection accepted by Squid if the authentication is successful. This request and any future requests on the same TCP connection is forwarded. All responses by Squid is logged. If this disturbs your log statistics then filter out TCP_DENIED/407 lines with no username before processing the logs. Regards Henrik
