-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21/11/2014 12:38 a.m., Lupick wrote: > Hi I've a problem authenticating users outside my AD domain after > the upgrade to squid 3.3.8. 3.3.8 is far from the latest Squid. There is information about where to find updated packages for CentOS at <http://wiki.squid-cache.org/KnowledgeBase/CentOS> > > All the domain logged user are able to authenticate without any > issue. > > The local user or user of a non domain computer have a > username/password prompt as expected. > > If I provide the right doamin\username and password the promt > appear over and over. By "right" you mean the Basic or NTLM credentials? Which popup is the browser selecting to display? - the realm value configured in squid.conf is displayed as part of the Basic auth popup, IIRC the proxy hostname or DOMAIN is listed in teh NTLM popup. So you should be able to tell which its asking for. NTLM requires machines to be signed into the domain to get the correct credentials crypto tokens from the DC to login with. Any attempt to use NTLM credentials without being signed onto the domain will fail. Basic auth only requires the domain\user:password combo gets delivered. > > BUT after the first time if I click cancel qnd I retry i'm able to > browse internet. This happen cause the credential provided are > stored under the windows credentian manager in the control panel. > > no problem using centos 6 and squid 3.3.1, the problem appears > after an upgrade to centos 7 and squid 3.3.8. > > this is my section on squid.conf: > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 45 > #auth_param ntlm max_challenge_reuses 0 #auth_param ntlm > max_challenge_lifetime 2 minutes > > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server auth_param > basic credentialsttl 5 hours > PS. Have you considered migrating to Kerberos? it has a lot less problems than NTLM. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUbg6UAAoJELJo5wb/XPRjHzYIALBvTG3mVsl0QX0I1MzYdM2w h9Cz2ShzpYEJWP+JcqeyQsp8xd8eWcxC8jsnibTat60belprPjcG7HLVVKHnKacT jwQUQFId5B3KfuIad5MD887CxLwfujT3yoiBB2vFFki+bGWkkEDoOPzkcNY7TsUs pSAqlynOpHNWH6UTahzG7L/xvxcHMTv8Wd2n1XxKFSGrdShwkWixLP1x3zA/CB3q qckN8H5R/rOnMSBmWNCZ5VDFelPZTItXaxf4HmSbLw4XySxwLkthd8kHO9o/sv4E SwiOihvxVMcXD/GPyG+bW9aXDN1p51aPX0SIisUuznuhh6vTTrhCJTqCDU1o9mM= =pGgC -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users