Topic: Website authentication problem

[Jim Huneycutt]

I recently installed a 5.6 (all updates) server at a client site that must connect to a certain website that requires authentication - what appears to be Microsoft NTLM authentication complete with domain name. Before installing the SME server the client used a dialup Internet connection and had no problem with entering the username, password and domain in the Microsoft "Enter Network Password" login screen that comes up when he goes to the site. He would click on "save password" and never see the login box during that Internet Explorer session.

After installing SME in server/gateway mode using a DSL connection, the user gets the login screen multiple times (sometimes dozens of times) in order to go to the site or many of the pages on the site. Checking "save password" seems to have no effect when going through the SME server, resulting in entering a password as much as a hundred times or more in a day. I have tested this by removing one or more machines (both Win98 and Win2000, with IE 6) from the SME network and connecting them directly to the Internet. After the first login screen, navigation through the site works with no additional login screens popping up. Returning the systems to the SME server network brings the problem back. (I have even tried XP workstations and another server - 5.5 with all updates).

Since the client is constantly uses this site and it's vital to his business (it's even his home page) this is driving him crazy. I have searched a good bit and seen that there are some problems with NTLM authentication and Squid, but I confess that the discussions are over my head and I'm not even sure I'm on the right track.

I have spent a good many hours playing with various IE settings to no avail. Tech support from the site in question is non-existent in our case - we have to solve the problem on our own. I don't want to have to pull the server because of this nasty little problem.

All suggestions appreciated.

jim

[Boris]

Looks like squid caching issue to me unless that site uses activex controls, that downloaded to local computer and login to that server/domain directly via SMB (that would be stupid things to do)

[Schotty]

Maybe you could turn squid off? If this isnt an option then you could try making squid go direct to the site :


http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.19

4.19 Can I make Squid go direct for some sites?
Sure, just use the always_direct access list.

For example, if you want Squid to connect directly to hotmail.com servers, you can use these lines in your config file:

acl hotmail dstdomain .hotmail.com
always_direct allow hotmail

Please report back if this works!!!! - or if it diesnt
Schotty

[Jim Huneycutt]

Thanks Boris and Schotty. The starting home page for this website is a default.asp page. I do not know if they are downloading an activex control and am not sure how to tell.

Schotty, as a test (and before doing a custom template) I tried the "direct connect" option by placing the two lines (for the relevant domain) in the squid.conf file, and restarted squid. This did not help. Note that I put the two lines just below the "acl webdav"  line in the squid.conf file as follows:

acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
acl clientsite dstdomain .clientsite.com
always_direct allow clientsite

I also tried this from the squid FAQ:

 acl clientsite dstdomain .clientsite.com
 no_cache deny clientsite

to not cache this server - no luck. Still get the multiple logins with the password not being saved.

Thanks again for the suggestions and all ideas are welcome. This problem has pretty well burned up a whole weekend so far.

jim