On 15/05/2013 12:37 p.m., Carlos Defoe wrote:
Ok. Let me be a bit more annoying.
Is it necessary to use the pure ntlm auth following the negotiate? In
what case the negotiate ntlm will not succeed and the pure ntlm will
do?
It is optional. Negotiate is relatively newer than NTLM. It is possible
there are still client software out there which *only* understands plain
NTLM.
It's up to you whether you use it. I suggest running with both for a
while (some weeks / months) then looking at your helper statistics to
see which (if any) clients are picking NTLM still.
One more thing: Can i set two basic auth methods? One with the
ntlm_auth with helper-protocol "squid-2.5-basic", and another with
basic_ldap_auth?
No. Not in any existing Squid versions.
The idea is on the wishlist since it keeps coming up as a FAQ, but
nobody has wanted it enough yet to be bothered sponsoring any work (at
least publicly).
Seems that, in some cases, my basic_ldap_auth is receiving
"samaccountname=none" and thus failing. Probably from some Internet
Explorer behind a load balancer or a NAT. So i thought of trying ntlm
basic too, but i couldn't find any example with two basic
authentications and don't know if that makes any sense.
thanks!
Amos
