Hi Wolfgang,
You could try my new negotiate wrapper
http://sourceforge.net/projects/squidkerbauth/files/negotiate_wrapper/negotiate_wrapper-1.0.0/negotiate_wrapper-1.0.0.tar.gz/download
Usage:
auth_param negotiate program /usr/sbin/negotiate_wrapper [-d] --ntlm
<ntlm-helper with args> --kerberos <kerberos-helper with args>
example:
auth_param negotiate program /usr/sbin/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
/usr/sbin/squid_kerb_auth -d -s GSS_C_NO_NAME
Markus
"Henickl Wolfgang" <Wolfgang.Henickl@xxxxxx> wrote in message
news:D4C860F6883E8B45815499F357CE011C078AFB19@xxxxxxxxxxxxxxxxxxxxxx
Thanks for the reply!
The major problem is, that the changes in Security Policy of Windows 7
hasn't changed a thing. But I will try it again, therefore my question. I
am also unsure, because in Windows 7 a new WinHTTP Version is included,
which may also cause problems.
Is there anything, which should be considered, configuring/activating NTLM
and Kerberos at the same time in Squid?
Kind regards
Wolfgang
-----UrsprÃngliche Nachricht-----
Von: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Gesendet: Donnerstag, 03. MÃrz 2011 03:56
An: squid-users@xxxxxxxxxxxxxxx
Betreff: Re: NTLM/Kerberos Authentication with Windows 7
On Wed, 2 Mar 2011 13:58:04 +0100, Henickl Wolfgang wrote:
Hello,
I am looking for a solution of strange Problem. It seems that WinHTTP
Programs under Windows 7 tend to use Kerberos Authentication, instead
of
NTLM. The problem is, that I am working behind a Squid Proxy that is
only configured for NTLM.
Do somebody know which settings I should modify?
Is there a setting required for "Network security: LAN Manager
authentication level" under Windows 7?
Are there known problems with such a configuration or any FAQs for
troubleshooting such environments?
Sounds like you have found the problem already. The solution is to
either disable the Kerberos security on Windows 7 (rendering the network
back down to NTLM / NT 4.0 LanManager security levels) or upgrade your
squid to accept Kerberos.
The squid wiki has config tutorilas on Kerberos for Squid. It's usually
not too painful add in parallel with NTLM.
Amos