On 23/08/11 23:12, Alex Crow wrote:
Hi, With NTLM auth in the past instructions have stated not to use the helper supplied with Squid but the one from Samba. Is that still the case or should we be using the newer helper "ntlm_smb_lm_auth"?
ntlm_smb_lm_auth is a simple renaming of the old Squid helper to avoid the confusion between the two. Still recommended to avoid when any type of security is needed.
The Samba helper remains recommended. It supports NTLMv2 and the session security features.
FWIW: The difference between the two is that Samba helper performs NTLMv1 or NTLMv2. The Squid one is actually performing the older SMB LM protocol that came before NT LM was invented. Thus the name.
I am asking this as since I have been testing with squid 3.2 I have noticed some odd things related to auth and the external acl helper for nt groups (ext_wbinfo_group_acl) in that every so often squid seems to think I'm not in a group when I am - despite ext_wbinfo_group_acl working fine when I send hundreds of requests a second to it.
I think this effect is more related to the problems we are seeing with Squid-3.2 "loosing" credentials if they expire mid-way thorough the processing of a request.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10
