On 23/02/2012 7:00 p.m., Jiang Wen Dong wrote: > Website in local LAN. > > Forward mode, not reverse mode. > > auth_param ntlm keep_alive on
auth_param is proxy-auth headers in forward-proxy mode. You need client_persistent_connections and server_persistent_connections ON. For keep-alive. These should be on by default in 3.1+, so the thing to check is whether you disabled those. > NTLM doesn’t work, neither Kerberos. Very strange. As I said www-auth headers just get passed straight through the proxy to the www server. Amos > > ------------------------------------------------ > Jiang Wendong (姜文栋) > IT Dept. > Tel: 010-5822-3486/3481 > Mobile: 13811249966 > E-Mail: [email protected] / [email protected] > > > > -----邮件原件----- > 发件人: Amos Jeffries [mailto:[email protected]] > 发送时间: 2012年2月23日 12:34 > 收件人: [email protected] > 主题: Re: [squid-users] Can't access IIS website with Integrated Windows > Authentication, why? > > On 22/02/2012 5:30 p.m., Jiang Wen Dong wrote: >> I have 2 IIS website with Integrated Windows Authentication. >> >> Users access internet and these 2 websites by squid. >> Access internet is ok, but can’t access these 2 websites. >> >> I have tied v3.1 and v3.2 with default config, but the problem still there. >> >> It seems squid cut off www-auth information. >> >> Anybody can help me with this? > Is squid operating in forward or reverse proxy mode? > * forward proxy never touch www-auth headers > * reverse proxy are where the auth is destined to be tested. Squid will > attempt to validate them using your configured auth_param. > NP: login using NTLM credentials to a backend is not supported. (what often > appears to be a "relay" is actually Squid logging into the backend itself). > > Is the website on the local LAN or out on the Internet? > * NTLM requires end-to-end connectivity. Many Internet links do not provide > those guarantees since proxy gateways and NAT were invented. > > Do you have persistent connections enabled or disabled? > * NTLM requires them. > > > Amos > > CAUTION: This message may contain privileged and confidential information > intended only for the use of the addressee named above. If you are not the > intended recipient of this message you are hereby notified that any use, > distribution or reproduction of this message is prohibited. If you have > received this message in error please notify the sender of this message > immediately. ( (c)TD Tech Co.,Ltd) > 重要提示:此邮件及附件具保密性质,包含商业秘密、受法律保护不得泄露。如果您意外收到此邮件,特此提醒您此邮件的机密性,请立即通知我们并从您的系统中删除此邮件及附件。如果您不是此邮件应当的收件人,请注意不可对此邮件及其附件进行利用、复制或向他人透露其内容。 > ( (c)TD Tech Co.,Ltd)
