Hi Eugene,
I created another helper called negotiate_wrapper which is part of squid
3.2 (although there is a bug in squid 3.2 which means Negotiate/ntlm is not
working with squid 3.2) . Anyway the wrapper work fine with squid 3.1 and
3.0.
The config is:
#
# Negotiate/Kerberos and Negotiate/NTLM
#
auth_param negotiate program
/opt/squid-3.2/libexec/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
/opt/squid-3.2/libexec/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 20 startup=5 idle=5
auth_param negotiate keep_alive on
#
# NTLM
#
auth_param ntlm program
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20 startup=5 idle=5
auth_param ntlm keep_alive on
Markus
"Eugene M. Zheganin" <eugene@xxxxxxxxx> wrote in message
news:4DCD1EEF.4060508@xxxxxxxxxxxx
Hi.
I wanted to ask is there any progress or solution/workaround to this
problem ?
Once per 3-4 months I'm trying to deploy a negotiate authentication
scheme; the majority of clients works just fine, but some of the clients
(and each time these are some important ones) start to sending NTLM tokens
instead of negotiate ones. About a year ago Markus told that he's on the
way to squid_nego_auth helpers, but, as far as I understand, there was
some serious problems.
Can I offer some help ? My skills in C are low, and my knowledge of
NTLM/Kerberos is even lower, so I can provide only testing/debugging help,
but I can do this in harsh environment of hundreds of clients. :P
Eugene.
