Search squid archive

Re: Which NTLM helper are we supposed to use in 3.2?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/08/11 23:12, Alex Crow wrote:
Hi,

With NTLM auth in the past instructions have stated not to use the
helper supplied with Squid but the one from Samba. Is that still the
case or should we be using the newer helper "ntlm_smb_lm_auth"?


ntlm_smb_lm_auth is a simple renaming of the old Squid helper to avoid the confusion between the two. Still recommended to avoid when any type of security is needed.

The Samba helper remains recommended. It supports NTLMv2 and the session security features.

FWIW: The difference between the two is that Samba helper performs NTLMv1 or NTLMv2. The Squid one is actually performing the older SMB LM protocol that came before NT LM was invented. Thus the name.


I am asking this as since I have been testing with squid 3.2 I have
noticed some odd things related to auth and the external acl helper for
nt groups (ext_wbinfo_group_acl) in that every so often squid seems to
think I'm not in a group when I am - despite ext_wbinfo_group_acl
working fine when I send hundreds of requests a second to it.

I think this effect is more related to the problems we are seeing with Squid-3.2 "loosing" credentials if they expire mid-way thorough the processing of a request.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for 3.2.0.10


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux