On Mon, Aug 09, 2004 at 01:26:55PM -0400, Robert Rader wrote:
> I authenticate no problems with the dc...
> The proxy works fine with http but whenever I go to a secure site I get
> a Microsoft error page... Cannot find server or DNS Error..
> Now my understanding with ntlm authentication with Internet Explorer 5.5
> or greater this is an Explorer error? Is there a workaround or a fix for
> this? If anyone could let me know I would appreciate it.. I have
> been banging my head against a wall here..

Two things come to my mind...

1. IE still has problems when you start with an HTTPS page and require proxy authentication. This is a well known (and still stupid) IE bug.
2. How did you define the proxy for HTTPS in the browser? What do the logs say?

Christoph

Chris thanks for your help...

For the proxy server I just use "the squid proxy name" port 3128

I see a lot of TCP DENIED, but it seems to happen with HTTP also... But with regular HTTP it will come up about the 3rd time. With HTTPS, sometimes if I hit refresh it will come up or send the info without me knowing it. But for an example with my bank account I get TCP DENIED also but by the 3rd one it seems to authenticate with the log but I get that stupid error, and then the page is timed out on the bank side.

I have been getting this error in the cache.log when it tries to authenticate over a secured page. I am not sure what this means.

[2004/08/09 14:44:46, 1] libsmb/ntlmssp.c:ntlmssp_update(252) got NTLMSSP command 3, expected 1

I was thinking maybe I could set up something with iptables to redirect requests to go directly out for https only?

This is my config file... I cheated and used mostly defaults in this area....

http_port 3128
ssl_unclean_shutdown on
cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_effective_user squid
cache_dir ufs /usr/local/squid/var/spool/ 5000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
emulate_httpd_log on
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
debug_options ALL,1
ftp_user [EMAIL PROTECTED]
ftp_list_width 32
ftp_passive on
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 5 minutes
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 30
auth_param basic realm Please Enter your Blair Username and Password!
auth_param basic credentialsttl 2 hours
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
wais_relay_port 0
request_header_max_size 10 KB
request_body_max_size 1 MB
# reply_body_max_size 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
# range_offset_limit -1 KB
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
#siteselect_timeoute 4 seconds
read_timeout 4 seconds
persistent_request_timeout 1 minute
request_timeout 30 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
# idnet_timeout 10 seconds
shutdown_lifetime 30 seconds
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl auth proxy_auth REQUIRED
acl SSL_ports port 443 563
acl Safe_ports port 80 21 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
acl east src 10.0.10.0/255.255.255.0
acl locke src 10.0.11.0/255.255.255.0
acl freeman src 10.0.12.0/255.255.255.0
acl mason src 10.0.13.0/255.255.255.0
acl west src 10.0.14.0/255.255.255.0
acl annie src 10.0.15.0/255.255.255.0
acl south src 10.0.16.0/255.255.255.0
acl insley src 10.0.17.0/255.255.255.0
acl clinton src 10.0.19.0/255.255.255.0
acl bogle src 10.0.20.0/255.255.255.0
acl timken src 10.0.21.0/255.255.255.0
acl gym src 10.0.22.0/255.255.255.0
acl perfart src 10.0.23.0/255.255.255.0
acl health src 10.0.18.0/255.255.255.0
acl admin src /255.255.255.0
acl admin2 src /255.255.255.0
acl facdorm src 10.0.24.0/255.255.255.0
acl servadm src 10.0.25.0/255.255.255.0
acl serveve src 10.0.26.0/255.255.255.0
acl morntime time SMTWHF 05:00-19:56
acl evetime time SMTWHF 22:00-22:55
acl sattime time A 05:00-23:59
acl realplay browser RealMedia
acl mimeblockq req_mime_type ^app/x-hotbar-xip20$
acl mimeblockq req_mime_type ^application/x-icq$
acl mimeblockp req_mime_type ^app/x-hotbar-xip20$
acl mimeblockp req_mime_type ^application/x-icq$
http_access allow auth CONNECT
http_access deny mimeblockq
http_reply_access deny mimeblockp
http_access allow auth east morntime
http_access allow auth east evetime
http_access allow auth east sattime
http_access allow auth locke morntime
http_access allow auth locke evetime
http_access allow auth locke sattime
http_access allow auth freeman morntime
http_access allow auth freeman evetime
http_access allow auth freeman sattime
http_access allow auth mason morntime
http_access allow auth mason evetime
http_access allow auth mason sattime
http_access allow auth west morntime
http_access allow auth west evetime
http_access allow auth west morntime
http_access allow auth annie morntime
http_access allow auth annie evetime
http_access allow auth annie sattime
http_access allow auth south morntime
http_access allow auth south evetime
http_access allow auth south sattime
http_access allow auth insley morntime
http_access allow auth insley evetime
http_access allow auth insley sattime
http_access allow auth health
http_access allow auth clinton
http_access allow auth bogle
http_access allow auth timken
http_access allow auth gym
http_access allow auth perfart
http_access allow auth admin
http_access allow auth admin2
http_access allow auth facdorm
http_access allow auth servadm
http_access allow auth serveve
http_access allow realplay
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
visible_hostname [EMAIL PROTECTED]

Thanks..
Bob
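
Added example (not part of the original messages, and not Squid or Samba code): the numbers in the cache.log line quoted above are NTLMSSP message types, where 1 is negotiate, 2 is challenge and 3 is authenticate, stored as a little-endian integer after the 8-byte "NTLMSSP\0" signature. NTLM authenticates a connection rather than a request, so the sketch below decodes the type from a `Proxy-Authorization: NTLM ...` value and flags a type 3 that arrives on a connection that never sent type 1. The per-connection tracking is a simplified model assumed for illustration, and the sample headers are constructed, not captured traffic.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"

def ntlm_message_type(header_value):
    """Return the NTLMSSP message type carried in the value of a
    'Proxy-Authorization' header, or None if it is not NTLM."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        return None
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or not raw.startswith(NTLMSSP_SIG):
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def check_handshake(events):
    """events: (connection_id, header_value) pairs in arrival order.
    Each connection must send type 1 first, then type 3.
    Returns one message per out-of-order NTLMSSP message."""
    expected = {}   # connection_id -> next type the helper expects
    problems = []
    for conn, value in events:
        got = ntlm_message_type(value)
        if got is None:
            continue
        want = expected.get(conn, 1)
        if got != want:
            problems.append(
                f"conn {conn}: got NTLMSSP command {got}, expected {want}")
            expected.pop(conn, None)   # handshake has to restart
        elif got == 1:
            expected[conn] = 3         # challenge sent, await authenticate
        else:
            expected.pop(conn, None)   # handshake complete
    return problems

def _sample(msg_type):
    # Constructed header value: signature + type + zero padding.
    raw = NTLMSSP_SIG + struct.pack("<I", msg_type) + b"\x00" * 20
    return "NTLM " + base64.b64encode(raw).decode()

SAMPLE_EVENTS = [
    ("A", _sample(1)), ("A", _sample(3)),  # full handshake on one connection
    ("B", _sample(1)),                     # negotiate, then connection closes
    ("C", _sample(3)),                     # authenticate sent on a new one
]

if __name__ == "__main__":
    for line in check_handshake(SAMPLE_EVENTS):
        print(line)
```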
