+ Post New Thread
Results 1 to 10 of 10
Internet Related/Filtering/Firewall Thread, Squid, negotiate and WPAD.dat in Technical; I am currently in the process of setting up a squid server to replace our TMG server. I have got ...
  1. #1

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,694
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833

    Squid, negotiate and WPAD.dat

    I am currently in the process of setting up a squid server to replace our TMG server.

    I have got Squid up and running, on Windows Server 2008 R2 (this is done to try and keep as much of a 'standard' platform in school as possible for future years).

    I have it working with negotiate - if I put the proxy in the manual proxy details boxes. It logs my username against my web browsing as it should. However, if I enter the details in our WPAD.dat file (replacing the IP of the existing TMG server), I get prompted to log in!

    Any idea why it'd be prompting me there but not when its defined manually?

  2. #2
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    806
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    Can you see the request for the WPAD file in the access log? IE does some goofy things with caching the WPAD script and I don't believe IE sends credentials with WPAD gets. I would try two things: first, disable caching of WPAD through GPO, and second, edit the WPAD file to instruct the browser to connect to whatever web server is hosting the WPAD file directly.

    Code:
    User Configuration>Administrative Templates>Windows>Components>Internet Explorer: Disable caching of Auto-proxy scripts
    Code:
    if shExpMatch (url, "http://webhost/wpad.dat") return "DIRECT";

  3. #3

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,694
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    How would the request be in the access log? The access log would only log requests for things after the wpad had been downloaded - as the browser doesn't know anything about the proxy until it gets it (directly)?

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Does accessing the wpad.dat require authentication?

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,694
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Nope. Its hosted on our ruckus controller.

  6. #6
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    806
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    Quote Originally Posted by localzuk View Post
    How would the request be in the access log? The access log would only log requests for things after the wpad had been downloaded - as the browser doesn't know anything about the proxy until it gets it (directly)?
    I was thinking about consecutive requests for the WPAD script once it has already been cached by IE. I actually had an issue where I forgot to add the web server hosting the WPAD file to exceptions and had this happen. So I was curious if it was subsequent gets for WPAD triggering a request for credentials or whatever the start-up page your browser is set to.

    The only other thing I could think of is if you're using the Kerberos helper in Squid then the proxy has to be called out by its FQDN instead of by IP. It will continually prompt for credentials if this were the case.

  7. #7

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,694
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Quote Originally Posted by Duke5A View Post
    The only other thing I could think of is if you're using the Kerberos helper in Squid then the proxy has to be called out by its FQDN instead of by IP. It will continually prompt for credentials if this were the case.
    Ah! That sounds like it could very well be the issue. I use the IP in the WPAD file, but the name when entering it manually. I shall test and see.

  8. #8

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    15
    Quote Originally Posted by localzuk View Post
    I have got Squid up and running, on Windows Server 2008 R2 (this is done to try and keep as much of a 'standard' platform in school as possible for future years).
    i know where you're coming from there, its a tricky decision to make, especially if you use DPM for backups

  9. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 849 Times in 671 Posts
    Rep Power
    196
    Kerberos *definitely* needs the proxy accessed by FQDN, and if I am not mistaken you need to access the WPAD file by FQDN too.

  10. #10

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,694
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    WPAD seems happily to be accessed by IP - the device its hosted on doesn't have a FQDN as its a wireless controller. I'll be experimenting today, once I figure out why our DNS servers have suddenly decided 'nah, not gonna replicate'...

SHARE:
+ Post New Thread

Similar Threads

  1. WPAD.DAT with IIS and DNS
    By PatRamsden in forum Wired Networks
    Replies: 24
    Last Post: 3rd December 2013, 11:14 AM
  2. Vlans and wpad.dat
    By victory2012 in forum Wired Networks
    Replies: 3
    Last Post: 8th April 2013, 07:08 PM
  3. SymantecAV and ntuser.dat 256kb
    By towen in forum Educational Software
    Replies: 0
    Last Post: 12th March 2008, 02:02 PM
  4. WPAD.DAT
    By k-strider in forum Coding
    Replies: 0
    Last Post: 4th July 2007, 03:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •