Search squid archive

Re: squid_kerb_auth and famous 'BH received ,type 1 NTLM token`

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Eugene,

I created another helper called negotiate_wrapper which is part of squid 3.2 (although there is a bug in squid 3.2 which means Negotiate/ntlm is not working with squid 3.2) . Anyway the wrapper work fine with squid 3.1 and 3.0.

The config is:

#
# Negotiate/Kerberos and Negotiate/NTLM
#
auth_param negotiate program /opt/squid-3.2/libexec/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos /opt/squid-3.2/libexec/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 20 startup=5 idle=5
auth_param negotiate keep_alive on
#
# NTLM
#
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20 startup=5 idle=5
auth_param ntlm keep_alive on

Markus


"Eugene M. Zheganin" <eugene@xxxxxxxxx> wrote in message news:4DCD1EEF.4060508@xxxxxxxxxxxx
Hi.

I wanted to ask is there any progress or solution/workaround to this problem ?

Once per 3-4 months I'm trying to deploy a negotiate authentication scheme; the majority of clients works just fine, but some of the clients (and each time these are some important ones) start to sending NTLM tokens instead of negotiate ones. About a year ago Markus told that he's on the way to squid_nego_auth helpers, but, as far as I understand, there was some serious problems.

Can I offer some help ? My skills in C are low, and my knowledge of NTLM/Kerberos is even lower, so I can provide only testing/debugging help, but I can do this in harsh environment of hundreds of clients. :P

Eugene.





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux