Jose Lopes wrote:
Hi,
I have the same problem.
I have already set network.negotiate-auth.trusted-uris to proxy domain.
At the firefox (FF) log appears:
0[825140]: service = squid.domain
0[825140]: using negotiate-sspi
0[825140]: nsAuthSSPI::Init
0[825140]: InitSSPI
0[825140]: Using SPN of [HTTP/squid.domain]
0[825140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
0[825140]: entering nsAuthSSPI::GetNextToken()
0[825140]: Sending a token of length 40
0[825140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
0[825140]: entering nsAuthSSPI::GetNextToken()
0[825140]: Cannot restart authentication sequence!
The http messages between squid an FF are:
FF -> SQUID
GET http://www.squid-cache.org/ HTTP/1.1
[...]
SQUID -> FF
HTTP/1.0 407 Proxy Authentication Required
Server: squid/3.0.STABLE14
[...]
Proxy-Authenticate: Negotiate
[...]
I know you seem to have tracked it down to a FF bug (maybe).
But I'm wondering if all this checking and testing with 3.0.STABLE15 is
worth it? Negotiate helper had an upgrade in STABLE16.
Also, the way Squid let NTLM/Negotiate helpers became deferred and
'leaked' was fixed in STABLE19. That one is likely to hit as soon as
this initial problem is resolved.
I really would not recommend using anything less than STABLE19 with
NTLM/Negotiate helpers.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
