On 01/03/18 21:42, Thomas.Elsaesser wrote: > > Example : if i destroy kerberos keytab file for squid, i see an error in > cache.log. but not ntlm auth working. How can i configure squid, if > kerb auth give an error, switch to ntlm? If i disable kerb lines in > squid.conf and restart squid, ntlm works fine. You cannot. In HTTP the client decides which auth to perform and sends credentials only for that scheme. The most Squid can do is offer the schemes it can understand. Clients are supposed to select the most secure auth they are capable of. >From your description it seems like your NTLM clients are probably trying to use Negotiate/NTLM instead of Negotiate/Kerberos. If so you should be able to use the negotiate_wrapper helper to allow Squid to perform Negotiate/NTLM for those clients. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
