On 23/07/19 7:53 am, zby wrote: > My problem: my browser keeps on prompting for authentication. > Facts: > > Debian 10 x86_64 > squid-4.6 + samba-4.9 > joined AD using "net ads join -U ...". OK. > wbinfo -t : OK > wbinfo -P or -p : OK > wbinfo -i userXYZ : returns data (OK) > wbinfo -g (well, fails to "deliver", too many users?) > smbclient -U userXYZ //host/share : works, logs me in This is irrelevant to Squid. It only tells that the user account has filesystem access privileges. Nothing about web access privileges, or whether the *Squid* user account has access to authenticate user logins. > > wbinfo -a domain\\user%pass: > plaintext password authentication succeeded "plaintext" means Basic authentication. > challenge/response password authentication failed > Challenge/Response could mean anything auth related. > sqadmin@host13:~$ ntlm_auth --helper-protocol=squid-2.5-ntlmssp > --domain=ad001 > userw01 Passwd001 > SPNEGO request [userw01 Passwd001] invalid prefix > BH SPNEGO request invalid prefix > "userw01 Passwd001" is not a SPNEGO token. see <https://wiki.squid-cache.org/Features/AddonHelpers#Negotiate_and_NTLM_Scheme> Pass the helper the "KK" request command and the token you see in the HTTP headers. For example: KK TlRMTVNTUAADAAAAGAAYAIwAAABOAU4BpAAAAAoACgBYAAAAEAAQAGIAAAAa... Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
