Guys, Thanks for your help with this. The Documentation I was using is supposed to allow basic auth as a fallback if NTLM doesn't work. It turns out that basic was taking over somehow, which is strange, but when I commented out the basic auth section I'd setup (according to the docs) NTLM started working. Which is strange, because I'd tried that in my last install.
Anyway, thanks for your help, NTLM auth is working now. Hope it still works in the production system! ;) L8r. -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Monday, 18 October 2004 8:41 PM To: Hal Douglas Cc: 'Henrik Nordstrom'; [EMAIL PROTECTED] Subject: RE: [squid-users] NTLM Auth Problem. On Mon, 18 Oct 2004, Hal Douglas wrote: > 1098069200.802 1 10.0.1.8 TCP_DENIED/407 1747 GET > http://www.google.com/ - NONE/- text/html [Accept: image/gif, > image/x-xbitmap, image/jpeg, image/pjpeg, > application/vnd.ms-powerpoint, application/vnd.ms-excel, > application/msword, application/x-shockwave-flash, > */*\r\nAccept-Language: en-au\r\nCookie: > PREF=ID=17238ed846c9d38d:CR=1:TM=1096527005:LM=1096527005:S=kyLy_3fTUQ > xpLp2g > \r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; > .NET CLR > 1.1.4322)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\n] > [HTTP/1.0 407 Proxy Authentication Required\r\nServer: > squid/2.5.STABLE6\r\nMime-Version: 1.0\r\nDate: Mon, 18 Oct 2004 > 03:13:20 > GMT\r\nContent-Type: text/html\r\nContent-Length: 1320\r\nExpires: > Mon, 18 Oct 2004 03:13:20 GMT\r\nX-Squid-Error: > ERR_CACHE_ACCESS_DENIED > 0\r\nProxy-Authenticate: Basic realm="Pandora Squid Test Proxy blah > blah > blah"\r\nProxy-Authenticate: NTLM\r\n\r] Did you get only this 407, or additional ones? NTLM uses 3 requests (minimum 2) per new TCP connection to the proxy to authenticate, and all three is needed.. The expected sequence is 1. A simple 407 like the one above, indicating Squid accepts both Basic and NTLM authentication. 2. A 407 where the browser sent a blob of information in Proxy-Authorize: NLMT ... and Squid responds with a similar blob. 4. A 200 where the browser sent another blob of information (the actual user credentials step) in it's Proxy-Authorize: NTLM header. Regards Henrik
