On 24/11/2015 5:57 a.m., Michael Pelletier wrote: > Hello, > > I have squid in the production environment and everything is running well. > I am building a new server that will be used as a new template of squid in > our virtual environment. > > for some reason on the new template server I am getting negotiate_wrapper > inserting a "*" before the username. This of course is not matching any > users when I do a group matching in LDAP. > > negotiate_wrapper: Return 'AF = * [username] > > Yet, this is not happening in the production systems. Does anyone know what > is going on? The format of the Negotiate authentication lines is "AF" <token> <label>. Where token is the base64 encoded Negotiate/Kerberos token to be sent to the client to confirm authentication success. "*" is used when the client is performing Negotiate/NTLM, which does not use that token. Is that "=" symbol also in the result lines? if so it is what is screwing things up. IIRC we fixed this problem in the helper a long while back, please try an upgrade. If it is occuring in the latest squid releases, please provide which exact version you are using, and the cache.log trace when diagnostics is enabled on the helper. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
