Hello

I am able to authenticate user agents via "Negotiate" with the following:

auth_param negotiate program /usr/lib64/squid/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on

I've configured binding with mskutil, and with IE, Mozilla and some other apps everything works fine - there is no username/password popup, it's transparent. Before, I did it with winbind, but was getting password popup windows.

When I try to use the Opera browser I am getting an ugly message after entering credentials:

authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'

I've checked communication between proxy and browser via Wireshark and I see that Opera is negotiating with NTLMSSP, with string "Negotiate" with OS revision version (testing with Windows 7 clients).

My goal is to replace ISA with Group+pass AD authentication with Squid and have transparent proxying on IE and with other clients with popup windows :)

Is there any "universal", well tested configuration/manual that will make all clients work? If there is a need for research - I can join.

Squid versions available: 2.7.x, 3.1.16, 3.2.0.14, custom-compiled RPM
OS: RHEL5

Thanks

Best regards,
George Machitidze
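
The mismatch described in the message above (a "Negotiate" header whose payload is an NTLMSSP message rather than a Kerberos/SPNEGO token) can be confirmed from the header value seen in a capture. The following is an added example, not part of the original post and not Squid code; the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2

def _gss_body_offset(token):
    """Return the offset just past the DER length of a 0x60 GSS-API wrapper."""
    if len(token) < 2:
        return None
    first = token[1]
    offset = 2 if first < 0x80 else 2 + (first & 0x7F)
    return offset if offset < len(token) else None

def classify_negotiate(header_value):
    """Classify the token carried in a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid-base64"
    if token.startswith(NTLM_SIG):
        if len(token) < 12:
            return "ntlm-truncated"
        (msg_type,) = struct.unpack_from("<I", token, 8)
        return "ntlm-type-%d" % msg_type  # type 1 matches the error in the post
    if token[:1] == b"\x60":  # GSS-API initial context token
        off = _gss_body_offset(token)
        if off is None:
            return "gss-malformed"
        if token.startswith(SPNEGO_OID, off):
            return "spnego"
        if token.startswith(KRB5_OID, off):
            return "kerberos"
        return "gss-unknown-mech"
    return "unknown"

# Constructed samples (not captured traffic): an NTLM type 1 message and a
# truncated SPNEGO wrapper that carries only the mechanism OID.
SAMPLE_NTLM1 = base64.b64encode(
    NTLM_SIG + struct.pack("<II", 1, 0xE2088297) + b"\x00" * 16).decode()
SAMPLE_SPNEGO = base64.b64encode(
    b"\x60\x0c" + SPNEGO_OID + b"\xa0\x02\x30\x00").decode()

if __name__ == "__main__":
    for value in ("Negotiate " + SAMPLE_NTLM1, "Negotiate " + SAMPLE_SPNEGO):
        print(classify_negotiate(value))
```

A result of "spnego" only identifies the wrapper; the mechanism list inside it can still offer NTLM, so it does not by itself prove a Kerberos ticket was sent.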