This is from how the broken by design MS NTLM over HTTP scheme works.. On each new TCP connection there is
1. A request without any user information 2. A request with partial user information (computer & domain) 3. A request with full user information Subsequent requests on the same TCP connection is automatically authenticated. This is very different from how HTTP specifies that authentication should take place. To get rid of the majority of these messages you can switch to the HTTP compliant Basic or Digest authentication schemes.. Regards Henrik fre 2003-02-07 klockan 14.28 skrev [EMAIL PROTECTED]: > Hi! > > I'm using Squid 2.5 with NTLM authentication against a Windows NT 4 domain. > The clients use Internet Explorer, versions 5 to 6 SP1. Everything works > fine, but I was wondering if there was a way to get rid of those TCP_DENIED/407 > messages. I don't know if I'm right, but it looks like every request made > to the Squid comes first with no user on it, and then it gets sent again, > this time with a user to authenticate against the NT domain. Is there a > way to make the IE clients authenticate right on the first try? I mean...it > looks like a waste of bandwidth, time and processing, not mentioning the > unnecessary entries on the access.log... > > Thanks for the attention, and sorry if this question was already answered > in another post... I've looked a lot for it, but couldn't find anything... > > > Konrad Sauer > > > > > > ------------------------------------------ > Use o melhor sistema de busca da Internet > Radar UOL - http://www.radaruol.com.br -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
