Follow-up to yesterday's post about successes with XP and NTLM auth to Squid. What I'm seeing is the client sending a RST packet to Squid in the middle of the second phase of auth. The packet trace follows the normal mechanics of NTLM authentication: 1. Client connects and requests page. 2. Squid responds with 407 Proxy-Authentication: NTLM 3. TCP session is torn down. 4. Client connects again with Proxy-Authorization: NTLM 5. Squid responds with 407 Proxy-Authenticate: NTLM 6. At this point the session breaks down. I get an ACK from the client for the 407 packet. Then out of the blue the client sends a RST ending the session.
We have opened a case with M$ with the packet traces. Has anyone seen this behavior before? Our configuration: Squid Cache: Version 2.5.STABLE3 configure options: --prefix=/software/squid --enable-auth=basic,ntlm,digest --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,MSNT,winbind,multi-domain-NTLM --enable-ntlm-auth-helpers=SMB,winbind --enable-external-acl-helpers=ldap_group,unix_group,winbind_group --with-winbind --with-winbind-auth-challenge --with-samba-sources=/usr/src/redhat/BUILD/samba-2.2.7 This is RedHat Enterprise edition. Again the XP client as a bit flipped that says it will only support NTLM. It behaves as expected with the bit flip for LM & NTLM. Jayme Frye
