On Wed, 18 Jun 2008 21:54:19 +0200 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > On ons, 2008-06-18 at 13:55 +0200, Malte Schröder wrote: > > > 2008/06/18 13:42:16| authenticateNegotiateHandleReply: Error validating user > > via Negotiate. Error returned 'BH received type 1 NTLM token' > > > > Negotiate is configured like this: > > auth_param negotiate program /usr/lib/squid/squid_kerb_auth -i > > auth_param negotiate keep_alive on > > squid_kerb_auth only support Kerberos, but it looks like that your > client for some reason attempted to use NTLM. > > Negotiate is a generic wrapper for WIndows SSP exchanges, and can wrap > both Kerberos and NTLM, and possibly other Windows authentication > methods as well.. Would it be possible to make a client fall back to NTLM if we see that it doesn't do "proper" Negotiate? Maybe by not announcing Negotiate to a certain client based on User-Agent or IP?
Attachment:
signature.asc
Description: PGP signature
