Hi, I meant 3.1.11 How do I check which user-agent is giving this issue? As I told 70% people use IE here (different versions) some use IE 8, IE 7 and IE 6. 20-25% use firefox 3.6 or firefox 4 and rest use google chrome. Can you please point me to some doc to use that negotiate wrapper. I tried squid_kerb_auth and failed miserably and I'm not planning to go near it until my squid is stable. I have made a GPO for all users to use NTML as preferred auth method, let's see if that makes a difference. I did it by adding "LmCompatibilityLevel" to "1" in registry. Cheers On 19 April 2011 14:08, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 19/04/11 20:09, Go Wow wrote: >> >> Hi, >> >> I use NTLM to authenticate my AD users with Squid 3.11. My cache logs > > You mean 3.1.1? we are only up to 3.2 series so far. > >> have these entries at random times. I know that the client is sending >> a kerberos reply instead of NTLM auth. I want to know whether >> something can be done about this or not. >> >> libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 >> >> I tried moving to Kerberos but it didnt work for me. My client envirno >> is IE 8, Chrome and Firefox 3.6 or 4 > > For the record which User-Agent is broken and sending Kerberos when offered > NTLM? and are you offering Negotiate? > > The new negotiate_wrapper helper from Markus Moeller may help. We have > tested it of use in "auth_param negotiate", but I'm not sure of the effect > if its used in "auth_param ntlm". > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.12 > Beta testers wanted for 3.2.0.7 >