Proxy: Add UI option to not use NTLM on Windows (squid problems)




16 years ago
3 years ago


(Reporter: nathanc, Unassigned)


Windows 2000

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [ntlm-auth])


(1 attachment)

39.59 KB, text/plain


16 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3.1) Gecko/20030425
Build Identifier:

I was excited to download and start using 1.4 when it came out, however I had a
problem using it.

I couldn't get the authentication popup to stop comming up. I have been using
Mozilla exclusively since 1.1. It has worked fine in my corporate environment
until 1.4 (Windows) started using NTLM authentication.

I couldn't find an option in the preferences to disable NTLM so that I could use
the older authentication method (and therefore get access to the Web).

Our SysAdmins state "Internet Explorer is our only sanctioned browser, use it."
But I refuse.  I have downgraded to Mozilla 1.3.1 until I can switch off NTLM or
until the SysAdmins bend and try to find out why NTLM is failing.

Reproducible: Always

Steps to Reproduce:

I can't tell you what version of what firewall, proxy server, or NTLM we are
using, or even the vendors.  I am just a programmer and am not privy to the
details of our corporate network.

Comment 1

16 years ago
why don't you use proper credentials instead ?
Just use the username field as "DOMAIN\username" and your standard password.
Whiteboard: [ntlm-auth]

Comment 2

16 years ago
Oliver, thanks for the suggestion.

However, it didn't work, I just got a "Cache Access Denied" error from our 

But I did get more information on our proxy/firewall. It's running 

Our SysAdmins have been messing around with the NTLM settings on the 
proxy/firewall in an attempt to make it more secure. So I'm not sure that we 
have a "standard" installation of anything.

Is there a user preference setting in the prefs.js file or elsewhere to disable 
NTLM in the mean time?

Comment 3

16 years ago
use latest nightly build and
provide a HTTP log from the failing session (only), see instructions here:

Comment 4

16 years ago
there is no pref to disable NTLM, but you can manually edit the file
"compreg.dat" stored in the "components" directory and remove the line that
looks like:;1?scheme=ntlm,{blah-blah-blah-blah}


Comment 5

16 years ago
nathanc: i suspect you are experiencing bug 211843.
Depends on: 211843

Comment 6

16 years ago
Created attachment 129599 [details]
Log File

This is the log file requested by Olivier Cahagne in Comment 3.

Comment 7

16 years ago
Thanks Darin.

The removal of the NTLM Authenticator Line worked.

I hope that it is Bug 211843, this will help me convince the SysAdmins to fix
the proxy/firewall.

The Log file I attached should help you decipher the problem.

Comment 8

16 years ago
In another bug report, someone does have this combination working. I'm trying to
get access to the documentation or steps for that config, because I want that
for my test farm.
Summary: Add UI option to not use NTLM on Windows → Proxy: Add UI option to not use NTLM on Windows (squid problems)

Comment 9

16 years ago
0[234008]:   InitializeSecurityContext returned [rc=-2146893054:]

this log file line is telling... this bug doesn't have anything to do with bug
211843 afterall.  from what i can tell (doing some googling.. don't have a MSVC
build environment handy), that error code is:


unfortunately, there isn't any more information about why that is the case.  or
in particular what function is not supported.  at least in this case, the server
is Squid, so maybe i can get a copy of squid setup with NTLM auth and see this
in action for myself.

seems to me that we have two bugs here: 1) add ui option, and 2) fix the bug. 
perhaps filing a new bug for the error code is the thing to do, or perhaps we
already have one on file, and it is just a matter of finding the right bug to
match this up with.
No longer depends on: 211843
Ever confirmed: true
Target Milestone: --- → Future

Comment 10

16 years ago
squid 2.5-STABLE4 has been released... maybe it has some improvements that will
help this situation.

Comment 11

15 years ago
This may be one of Samba's NTLMSSP bugs :-)

Squid backs onto Samba for NTLMSSP in most installations.  If the setup was
Samba 3.0.1 backed, then this bug has probably been fixed, but should be raised
on the samba lists or against ntlm_auth in

Andrew Bartlett
Samba Team

Comment 12

13 years ago
-> default owner
Assignee: darin → nobody
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
Target Milestone: Future → ---
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.