On Mon, 18 Oct 2004, Hal Douglas wrote:
1098069200.802 1 10.0.1.8 TCP_DENIED/407 1747 GET http://www.google.com/ - NONE/- text/html [Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*\r\nAccept-Language: en-au\r\nCookie: PREF=ID=17238ed846c9d38d:CR=1:TM=1096527005:LM=1096527005:S=kyLy_3fTUQxpLp2g \r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/2.5.STABLE6\r\nMime-Version: 1.0\r\nDate: Mon, 18 Oct 2004 03:13:20 GMT\r\nContent-Type: text/html\r\nContent-Length: 1320\r\nExpires: Mon, 18 Oct 2004 03:13:20 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: Basic realm="Pandora Squid Test Proxy blah blah blah"\r\nProxy-Authenticate: NTLM\r\n\r]
Did you get only this 407, or additional ones? NTLM uses 3 requests (minimum 2) per new TCP connection to the proxy to authenticate, and all three is needed..
The expected sequence is
1. A simple 407 like the one above, indicating Squid accepts both Basic and NTLM authentication.
2. A 407 where the browser sent a blob of information in Proxy-Authorize: NLMT ... and Squid responds with a similar blob.
4. A 200 where the browser sent another blob of information (the actual user credentials step) in it's Proxy-Authorize: NTLM header.
Regards Henrik
