On 15/07/11 13:47, Daniel Faulknor wrote:
Hi, I've followed the http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory howto, and I am now getting this error in my cache.log 2011/07/15 12:13:45| squid_kerb_auth: WARNING: received type 1 NTLM token 2011/07/15 12:13:45| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token' 2011/07/15 12:13:54| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid (length: 59). 2011/07/15 12:13:54| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded length: 40). 2011/07/15 12:13:54| squid_kerb_auth: WARNING: received type 1 NTLM token 2011/07/15 12:13:54| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token' This happens both when trying to access via the proxy using IE/Chrome/Firefox None of my googling as presented a solution Thanks
Squid is offering Negotiate/Kerberos auth and the agents are responding with NTLM or Negotiate/NTLM.
Markus Moeller wrote a negotiate_wrapper helper that works nicely to cope with Negotiate/NTLM responses. There is nothing we can do about the other broken agents which return plain NTLM though.
The wrapper helper can be found at: http://sourceforge.net/projects/squidkerbauth/files/ Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.9
