On 29/09/18 10:23 PM, Marko Cupać wrote: > On Sat, 29 Sep 2018 11:17:49 +1200 > Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > >> On 29/09/18 3:56 AM, Marko Cupać wrote: >>> Hi, >>> >>> I am testing migration of my AD-authenticated (kerberos + ntlm) 3.5 >>> setup to 4.1. I noticed there are no usernames in access.log, just >>> "*" for served pages, "-" for 407s. >>> >>> How can I get usernames in my access.log again? >> >> What is your auth_param config? >> >> It sounds to me like you are using a "Negotiate/NTLM" auth helper for >> "NTLM" authentication. > > Hi, > > Here's relevant part of squid.conf: > > # AUTHENTICATION HELPERS > auth_param negotiate program \ > /usr/local/libexec/squid/negotiate_wrapper_auth \ > --ntlm /usr/local/bin/ntlm_auth --helper-protocol=gss-spnego \ --helper-protocol=gss-spnego is telling the samba helper to use Negotiate protocol, but the wrapper is expecting NTLM protocol and mapping them. Please try --helper-protocol=squid-2.5-ntlmssp > --domain=MIMAR \ > --kerberos /usr/local/libexec/squid/negotiate_kerberos_auth \ > -d -r -s GSS_C_NO_NAME > auth_param negotiate children 20 startup=0 idle=1 > auth_param negotiate keep_alive on > > I am not sure what exactly authenticates, kerberos or NTLM. > > Thank you in advance for any pointers, > Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
