I already fixed the problem that caused NTLM authentication to work only. Greetings yanier Ing. Yanier Salazar Sánchez Administrador de Red Empresa Eléctrica Ciego de Avila Teléfonos: (33) 228613 ext 305
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Yanier Salazar Sanchez Sorry for my bad english. This is the scenario I have ubuntu 18.04.01 (with las update) with squid 4.2-2, samba and winbind 4.7.6, AD on Windows Server 2012 R2/2016 with the las update, Client with windows 10 1709 with the las update, firefox 60.2.0esr, google chrome 61.0.3163.79, firefox quantum 62.0 and internet explorer I using this guide https://blog.it-kb.ru/2014/06/16/forward-proxy-squid-3-3-on-ubuntu-server-14-04-lts-part-1-install-os-on-hyper-v-generation-2-vm/ (Only to where kerberos and NTLM are configured) I joined the proxy to the active directory All the commands seem to work correctly I run this command klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: HTTP//srv-squid-krb.mired.lan@xxxxxxxxx Valid starting Expires Service principal 09/13/2018 16:29:48 09/14/2018 02:29:48 krbtgt/MIRED.LAN@xxxxxxxxx 09/13/2018 16:55:57 09/14/2018 02:29:48 host/srv-squid-krb.mired.lan@xxxxxxxxx 09/13/2018 16:56:13 09/14/2018 02:29:48 host/srv-dc.mired.lan@xxxxxxxxx I run this command kinit squidtest password for squidtest@xxxxxxxxx: I create a proxy.keytab in my windows server 2012 r2 with this command ktpass -princ HTTP/srv-squid-krb.mired.lan@xxxxxxxxx -mapuser MIRED\squidtest -pass password -crypto All -ptype KRB5_NT_PRINCIPAL -out d:\proxy.keytab proxy.keytab permission rw-r—r root proxy proxy.keytab My krb5.conf file [libdefaults] default_realm = MIRED.LAN dns_lookup_kdc = yes dns_lookup_kdc = no ticket_lifetime = 24h default_keytab_name = /etc/squid/proxy.keytab [realms] MIRED.LAN = { kdc = srv-dc.mired.lan admin_server = srv-dc.mired.lan default_domain = mired.lan } [domain_relam] mired.lan = MIRED.LAN .mired.lan = MIRED.LAN I run this command klist –k /etc/squid/proxy.keytab Keytab name: FILE/etc/squid/proxy.keytab KVNO Principal 6 HTTP/srv-squid-krb.mired.lan@xxxxxxxxx 6 HTTP/srv-squid-krb.mired.lan@xxxxxxxxx 6 HTTP/srv-squid-krb.mired.lan@xxxxxxxxx 6 HTTP/srv-squid-krb.mired.lan@xxxxxxxxx 6 HTTP/srv-squid-krb.mired.lan@xxxxxxxxx I run this command wbinfo –authenticate=squidtest%mypassword Plaintest password athentication succeded Challenge/response password authentication succeded I run this command wbinfo –krb5auth=squidtest%mypassword Plaintest kerberos password athentication for [squidtest:mypassword] succeded (requesting cctype: FILE) credential were put in; FILE/tmp/krbcc_0 I run this command wbinfo –g (List all groups in AD) I run this command wbinfo –u (List all users in AD) I run this command /usr/lib/squid/negotiate_kerberos_auth_test srv-squid-krb.mired.lan Token: YIICSAYGRKw….. blabla /B8VWAxn29WaG/j The squid.conf it’s basic configuration only with auth_program negotiate program /usr/lib/squid/negotiate_wrapper_auth –d –ntlm /usr/bin/ntlm_auth –diagnostics –helper-protocol=2.5-ntlmssp –domain=mired –kerberos /usr/lib/squid/negotiate_kerberos_auth –d –r –s HTTP//srv-squid-krb.mired.lan@xxxxxxxxx auth_program negotiate children 10 auth_program negotiate keep_alive off auth_param ntlm program /usr/bin/ntlm_auth --diagnostics –helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param ntlm keep_alive off acl red src 192.168.0.0/24 acl auth proxy_auth REQUIRED and http_access allow red auth But the problem is that Kerberos don’t work. Only NTLM. cache.log 2018/09/14 06:25:02| negotiate_wrapper: Starting version 1.0.1 2018/09/14 06:25:02| negotiate_wrapper: NTLM command: /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp 2018/09/14 06:25:02| negotiate_wrapper: Kerberos command: /usr/lib/squid/negotiate_kerberos_auth -d -r -s HTTP/srv-squid-krb.mired.lan@xxxxxxxxx negotiate_kerberos_auth.cc(487): pid=10816 :2018/09/14 06:25:02| negotiate_kerberos_auth: INFO: Starting version 3.1.0sq negotiate_kerberos_auth.cc(546): pid=10816 :2018/09/14 06:25:02| negotiate_kerberos_auth: INFO: Setting keytab to /etc/squid/proxy.keytab negotiate_kerberos_auth.cc(570): pid=10816 :2018/09/14 06:25:02| negotiate_kerberos_auth: INFO: Changed keytab to MEMORY:negotiate_kerberos_auth_10816 2018/09/14 13:39:18| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAADgAOADgAAAAVgonigQb5TAh6RigAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIALqX2txRTNQBAAAAAA== ' 2018/09/14 13:39:18.197 kid1| 29,4| UserRequest.cc(311) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAADgAOADgAAAAVgonigQb5TAh6RigAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIALqX2txRTNQBAAAAAA==' 2018/09/14 13:39:18.197 kid1| 29,2| UserRequest.cc(203) authenticate: need to challenge client 'TlRMTVNTUAACAAAADgAOADgAAAAVgonigQb5TAh6RigAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIALqX2txRTNQBAAAAAA=='! 2018/09/14 13:39:18| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAADgAOADgAAAAVgonig5b0rgxfAqwAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAD5e29xRTNQBAAAAAA== ' 2018/09/14 13:39:18.202 kid1| 29,4| UserRequest.cc(311) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAADgAOADgAAAAVgonig5b0rgxfAqwAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAD5e29xRTNQBAAAAAA==' 2018/09/14 13:39:18.202 kid1| 29,2| UserRequest.cc(203) authenticate: need to challenge client 'TlRMTVNTUAACAAAADgAOADgAAAAVgonig5b0rgxfAqwAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAD5e29xRTNQBAAAAAA=='! 2018/09/14 13:39:18| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAADgAOADgAAAAVgoni/IpqOarkGm0AAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAF7Y3NxRTNQBAAAAAA== ' 2018/09/14 13:39:18.212 kid1| 29,4| UserRequest.cc(311) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAADgAOADgAAAAVgoni/IpqOarkGm0AAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAF7Y3NxRTNQBAAAAAA==' 2018/09/14 13:39:18.212 kid1| 29,2| UserRequest.cc(203) authenticate: need to challenge client 'TlRMTVNTUAACAAAADgAOADgAAAAVgoni/IpqOarkGm0AAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAF7Y3NxRTNQBAAAAAA=='! 2018/09/14 13:39:18| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAADgAOADgAAAAVgoniE4M9MFIcoxQAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAIoG3dxRTNQBAAAAAA== ' 2018/09/14 13:39:18.213 kid1| 29,4| UserRequest.cc(311) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniE4M9MFIcoxQAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAIoG3dxRTNQBAAAAAA==' 2018/09/14 13:39:18.213 kid1| 29,2| UserRequest.cc(203) authenticate: need to challenge client 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniE4M9MFIcoxQAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAIoG3dxRTNQBAAAAAA=='! 2018/09/14 13:39:18| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAADgAOADgAAAAVgoniyKjYPBGi9DAAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIADpT4NxRTNQBAAAAAA== ' 2018/09/14 13:39:18.234 kid1| 29,4| UserRequest.cc(311) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniyKjYPBGi9DAAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIADpT4NxRTNQBAAAAAA==' 2018/09/14 13:39:18.235 kid1| 29,2| UserRequest.cc(203) authenticate: need to challenge client 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniyKjYPBGi9DAAAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIADpT4NxRTNQBAAAAAA=='! 2018/09/14 13:39:18| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPTClxtLRmctSfR7SLfnA2O0UATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6IIRx8JJesRgbGAVoQxrwAQEAAAAAAABe2NzcUUzUATZJB+HrulrgAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAF7Y3NxRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAyh1ssj6oWg4B+eQjlqv2aA==' from squid (length: 683). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPTClxtLRmctSfR7SLfnA2O0UATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6IIRx8JJesRgbGAVoQxrwAQEAAAAAAABe2NzcUUzUATZJB+HrulrgAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAF7Y3NxRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAyh1ssj6oWg4B+eQjlqv2aA==' (decoded length: 510). 2018/09/14 13:39:18| negotiate_wrapper: received type 3 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Return 'AF = crystall ' 2018/09/14 13:39:18.297 kid1| 29,4| UserRequest.cc(336) HandleReply: authenticated user crystall 2018/09/14 13:39:18.297 kid1| 29,4| UserRequest.cc(355) HandleReply: Successfully validated user via Negotiate. Username 'crystall' 2018/09/14 13:39:18.297 kid1| 29,2| User.cc(227) addIp: user 'crystall' has been seen at a new IP address (192.168.0.2:53116) 2018/09/14 13:39:18| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPNdmk9QQok2ZtAJi07Aft0EUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIdVVkN6UlIPyfEZl+tFbZAQEAAAAAAAA6U+DcUUzUAbDPblk1F39AAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIADpT4NxRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAASlVupH80E90xsICozM0MDw==' from squid (length: 683). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPNdmk9QQok2ZtAJi07Aft0EUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIdVVkN6UlIPyfEZl+tFbZAQEAAAAAAAA6U+DcUUzUAbDPblk1F39AAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIADpT4NxRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAASlVupH80E90xsICozM0MDw==' (decoded length: 510). 2018/09/14 13:39:18| negotiate_wrapper: received type 3 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPktrvZwcp20ZMz2vUT1MqrEUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/ktNdTT5cV4Jw+7d4icVSAQEAAAAAAAA+XtvcUUzUAQvLOUptjrxtAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAD5e29xRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAC9hZLo1JeXWlUlkutHco2Q==' from squid (length: 683). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPktrvZwcp20ZMz2vUT1MqrEUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/ktNdTT5cV4Jw+7d4icVSAQEAAAAAAAA+XtvcUUzUAQvLOUptjrxtAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAD5e29xRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAC9hZLo1JeXWlUlkutHco2Q==' (decoded length: 510). 2018/09/14 13:39:18| negotiate_wrapper: received type 3 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPcvqx2ByNCA8nHjzEmlCuRkUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV9wKDCHbAPUCj0iTVPM9cAQEAAAAAAACKBt3cUUzUAQ3p911SxBpmAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAIoG3dxRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAWt0nSXk+Ix4DbAvzOrubNA==' from squid (length: 683). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPcvqx2ByNCA8nHjzEmlCuRkUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV9wKDCHbAPUCj0iTVPM9cAQEAAAAAAACKBt3cUUzUAQ3p911SxBpmAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIAIoG3dxRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAWt0nSXk+Ix4DbAvzOrubNA==' (decoded length: 510). 2018/09/14 13:39:18| negotiate_wrapper: received type 3 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPsug30D9/WWwwJJE0C5LgOUUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABB9ekE7/+TbqkYU6Gx64qAQEAAAAAAAC6l9rcUUzUAS71gyhoa7SHAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIALqX2txRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAA/6MII/C9uGEWH4s9EE+W/g==' from squid (length: 683). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPsug30D9/WWwwJJE0C5LgOUUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABB9ekE7/+TbqkYU6Gx64qAQEAAAAAAAC6l9rcUUzUAS71gyhoa7SHAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIALqX2txRTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAA/6MII/C9uGEWH4s9EE+W/g==' (decoded length: 510). 2018/09/14 13:39:18| negotiate_wrapper: received type 3 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Return 'AF = crystall ' 2018/09/14 13:39:18.326 kid1| 29,4| UserRequest.cc(336) HandleReply: authenticated user crystall 2018/09/14 13:39:18.326 kid1| 29,4| UserRequest.cc(355) HandleReply: Successfully validated user via Negotiate. Username 'crystall' 2018/09/14 13:39:18| negotiate_wrapper: Return 'AF = crystall ' 2018/09/14 13:39:18.331 kid1| 29,4| UserRequest.cc(336) HandleReply: authenticated user crystall 2018/09/14 13:39:18.331 kid1| 29,4| UserRequest.cc(355) HandleReply: Successfully validated user via Negotiate. Username 'crystall' 2018/09/14 13:39:18| negotiate_wrapper: Return 'AF = crystall ' 2018/09/14 13:39:18.335 kid1| 29,4| UserRequest.cc(336) HandleReply: authenticated user crystall 2018/09/14 13:39:18.335 kid1| 29,4| UserRequest.cc(355) HandleReply: Successfully validated user via Negotiate. Username 'crystall' 2018/09/14 13:39:18| negotiate_wrapper: Return 'AF = crystall ' 2018/09/14 13:39:18.340 kid1| 29,4| UserRequest.cc(336) HandleReply: authenticated user crystall 2018/09/14 13:39:18.340 kid1| 29,4| UserRequest.cc(355) HandleReply: Successfully validated user via Negotiate. Username 'crystall' 2018/09/14 13:39:18.340 kid1| ICP is disabled! Cannot send ICP request to peer. 2018/09/14 13:39:18.340 kid1| ICP is disabled! Cannot send ICP request to peer. 2018/09/14 13:39:18.779 kid1| 29,4| UserRequest.cc(294) authenticate: No Proxy-Auth header and no working alternative. Requesting auth header. 2018/09/14 13:39:18.782 kid1| 29,4| UserRequest.cc(354) authenticate: No connection authentication type 2018/09/14 13:39:18| negotiate_wrapper: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAKs/AAAADw==' from squid (length: 59). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAKs/AAAADw==' (decoded length: 42). 2018/09/14 13:39:18| negotiate_wrapper: received type 1 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAADgAOADgAAAAVgoni6re6l3Xwbr4AAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIANJNNN1RTNQBAAAAAA== ' 2018/09/14 13:39:18.785 kid1| 29,4| UserRequest.cc(311) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAADgAOADgAAAAVgoni6re6l3Xwbr4AAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIANJNNN1RTNQBAAAAAA==' 2018/09/14 13:39:18.785 kid1| 29,2| UserRequest.cc(203) authenticate: need to challenge client 'TlRMTVNTUAACAAAADgAOADgAAAAVgoni6re6l3Xwbr4AAAAAAAAAAJwAnABGAAAABgEAAAAAAA9FAEwARQBDAEMAQQBWAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIANJNNN1RTNQBAAAAAA=='! 2018/09/14 13:39:18| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPZToO29GZi9mTSaZo7kC+uEUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMCXZljnEcJGfczvMrEXsbAQEAAAAAAADSTTTdUUzUATkI4mevwzXdAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIANJNNN1RTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAxTDFbTI2R1oQS5sjProTRQ==' from squid (length: 683). 2018/09/14 13:39:18| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIwAAABIAUgBpAAAAA4ADgBYAAAAEAAQAGYAAAAWABYAdgAAABAAEADsAQAAFYKI4goAqz8AAAAPZToO29GZi9mTSaZo7kC+uEUATABFAEMAQwBBAFYAYwByAHkAcwB0AGEAbABsAEMATABJAC0AUgBFAEQARQBTAC0AMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMCXZljnEcJGfczvMrEXsbAQEAAAAAAADSTTTdUUzUATkI4mevwzXdAAAAAAIADgBFAEwARQBDAEMAQQBWAAEAGgBTAFIAVgAtAFMAUQBVAEkARAAtAEsAUgBCAAQAHABlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUAAwA4AHMAcgB2AC0AcwBxAHUAaQBkAC0AawByAGIALgBlAGwAZQBjAGMAYQB2AC4AdQBuAGUALgBjAHUABwAIANJNNN1RTNQBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAANSO8haD472JTKKOF8vBYpu8Z0WdTYbu7c7tqLmb/9ooCgAQAAAAAAAAAAAAAAAAAAAAAAAJACQASABUAFQAUAAvADEANwAyAC4AMQA5AC4AMgAyADQALgA0ADYAAAAAAAAAAAAAAAAAxTDFbTI2R1oQS5sjProTRQ==' (decoded length: 510). 2018/09/14 13:39:18| negotiate_wrapper: received type 3 NTLM token 2018/09/14 13:39:18| negotiate_wrapper: Return 'AF = crystall Access.log 1536946843.113 66541 192.168.0.2 TCP_TUNNEL/200 3806 CONNECT www.facebook.com:443 crystall FIRSTUP_PARENT/PARENT_PROXY_IP The question is, that only NTLM works, I've tried with Internet Explorer, Google Chrome and Firefox. The other thing is that he never asks for username and password, he uses the user credentials that he initiates session to work (I do not know if this is the correct operation). What could be happening? Sorry for the long email. Gretting Yanier |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
