[squid-users] Problem with Https and NTLM on AD domain

From: hallelujah <abovegrd_at_gmail.com>
Date: Thu, 23 Sep 2010 15:26:13 +0800

Dear all:

  I have a problem with HTTPS and NTLM authentication on the original server.

 The web server is using Microsoft IIS and using "integrated Windows
authentication" with an AD domain and with HTTPS.

 My test squid version is 3.1.4 on Redhat AS 5 and the web server is
Microsoft 2003 Enterprise.

 Using squid, NTLM is only OK when the protocol is HTTP, but it failed on HTTPS.

I decrypted the packet in Wireshark, and found out that the Domain
name, User name and Host name are truncated to one word,
such as:
 the packet from client to squid is "GET / HTTP/1.1, NTLMSSP_AUTH,
User:192.168.0.3\jack"
 the packet from squid to web server became "GET / HTTP/1.1,
NTLMSSP_AUTH, User:1\j"

I'm not sure it is related, because after I log in with "A\j", it also
couldn't log in successfully.

When running squid with "-Nd1", some special messages were output, and I
also couldn't understand what they mean.
"fwdNegotiateSSL: Error negotiating SSL connection on FD 10:
error:00000000:lib(0):func(0):reason(0) (5/0/0)
 TCP connection to 192.168.0.3/443 failed
"

I also tried TPROXY mode; it also failed.

I'm looking forward to your reply.

Yours sincerely
Received on Thu Sep 23 2010 - 07:26:20 MDT
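
One way to compare the two NTLMSSP_AUTH messages described in the post field by field, as an added example that is not part of the original message: it decodes the domain, user and host fields of an `Authorization: NTLM` value using the type 3 layout from Microsoft's MS-NLMP specification. The function names and the sample messages (including the host name `CLIENTPC`) are constructed for illustration.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE (MS-NLMP)

def parse_ntlm_auth(header_value):
    """Decode the name fields of an NTLMSSP_AUTH (type 3) message."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(token, validate=True)
    # Signature "NTLMSSP\0" followed by message type 3 as a little-endian u32.
    if len(msg) < 64 or msg[:12] != b"NTLMSSP\x00\x03\x00\x00\x00":
        raise ValueError("not an NTLMSSP type 3 (AUTHENTICATE) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    fields = {"encoding": encoding}
    # Each descriptor is: length (u16), max length (u16), payload offset (u32).
    for name, pos in (("domain", 28), ("user", 36), ("host", 44)):
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
        if offset + length > len(msg):
            raise ValueError(f"{name} field points outside the message")
        fields[name] = msg[offset:offset + length].decode(encoding)
        fields[name + "_bytes"] = length
    return fields

def build_sample(domain, user, host):
    """Constructed type 3 message with empty responses (test data only)."""
    payload, descs, offset = b"", [], 64
    for text in (domain, user, host):
        raw = text.encode("utf-16-le")
        descs.append(struct.pack("<HHI", len(raw), len(raw), offset))
        payload += raw
        offset += len(raw)
    empty = struct.pack("<HHI", 0, 0, offset)
    header = (b"NTLMSSP\x00" + struct.pack("<I", 3) + empty + empty
              + b"".join(descs) + empty + struct.pack("<I", NEGOTIATE_UNICODE))
    return "NTLM " + base64.b64encode(header + payload).decode("ascii")

def diff_hops(client_side, server_side):
    """Return the fields that differ between the two captured headers."""
    a, b = parse_ntlm_auth(client_side), parse_ntlm_auth(server_side)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":  # constructed samples; CLIENTPC is made up
    before = build_sample("192.168.0.3", "jack", "CLIENTPC")
    after = build_sample("1", "j", "C")
    for field, (was, now) in diff_hops(before, after).items():
        print(f"{field}: {was!r} -> {now!r}")
```

Feeding it the header value captured on each side of the proxy shows whether the descriptor lengths, the text encoding, or both changed between the two hops.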
