And the configure options are just those from Debian Unstable (I just added the --disable-optimizations to be able to debug in vscode): ./configure \ --with-build-environment=default \ --disable-optimizations \ --enable-build-info="ubuntu 22" \ --datadir=/usr/share/squid \ --sysconfdir=/etc/squid \ --libexecdir=/usr/lib/squid \ --mandir=/usr/share/man \ --enable-inline \ --disable-arch-native \ --enable-async-io=8 \ --enable-storeio="ufs,aufs,diskd,rock" \ --enable-removal-policies="lru,heap" \ --enable-delay-pools \ --enable-cache-digests \ --enable-icap-client \ --enable-follow-x-forwarded-for \ --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos,wrapper" \ --enable-auth-ntlm="fake,SMB_LM" \ --enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group" \ --enable-security-cert-validators="fake" \ --enable-storeid-rewrite-helpers="file" \ --enable-url-rewrite-helpers="fake" \ --enable-eui \ --enable-esi \ --enable-icmp \ --enable-zph-qos \ --enable-ecap \ --disable-translation \ --with-swapdir=/var/spool/squid \ --with-logdir=/var/log/squid \ --with-pidfile=/run/squid.pid \ --with-filedescriptors=65536 \ --with-large-files \ --with-default-user=proxy \ --enable-linux-netfilter \ --with-systemd -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Alex Rousskov Sent: Thursday, July 13, 2023 5:02 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: squid 6.1 - auth scheme 'ntlm' is not recognized On 7/13/23 10:29, Francesco Chemolli wrote: > Hi Rafael, > that code was moved to a RegisteredRunner in commit > 09490bb867d0b3f00a29911a65c715108e95b782 . > I'm not sure why it is not working for you That commit broke NTLM support in some environments because the linker in those environments does not add src/auth/ntlm/Scheme.cc code to squid executable. Linkers are allowed to drop modules that they think are unused. We will need to find a solution to that problem. Alex. > On Thu, Jul 13, 2023 at 1:38 PM Rafael Akchurin > <rafael.akchurin@xxxxxxxxxxxx <mailto:rafael.akchurin@xxxxxxxxxxxx>> wrote: > > Good day everyone, > > We are now trying to move the configuration with was valid and > working in Squid 5.7 to Squid 6.1 and hitting the following error: > Unknown authentication scheme 'ntlm' > > The problem seem to be with the following configuration we use > (output from squid -k parse). > > 023/07/13 13:34:04| Processing: auth_param ntlm program > /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389 > 2023/07/13 13:34:04| ERROR: Failure while parsing Config File: > Unknown authentication scheme 'ntlm'. > 2023/07/13 13:34:04| FATAL: Bungled > /opt/websafety/etc/squid/authentication.conf line 231: auth_param > ntlm program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan > --dc1port=389 > 2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally. > > Comparing the contents of squid-5.9/src/AuthReg.cc and > squid-6.1/src/AuthReg.cc it seems the support for NTLM > authentication was indeed removed from the codebase (see below). > > May I ask if the NTLM scheme is not needed at all now and we should > continue using only Negotiate scheme (letting it handle the NTLM as > usual)? > > Best regards, > Rafael Akchurin > Diladele B.V. > > > In 5.0 the AuthReg.cc was > > /** > * Initialize the authentication modules (if any) > * This is required once, before any configuration actions are taken. > */ > void > Auth::Init() > { > debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication > Schemes ..."); > #if HAVE_AUTH_MODULE_BASIC > static const char *basic_type = > Auth::Basic::Scheme::GetInstance()->type(); > debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication > Scheme '" << basic_type << "'"); > #endif > #if HAVE_AUTH_MODULE_DIGEST > static const char *digest_type = > Auth::Digest::Scheme::GetInstance()->type(); > debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication > Scheme '" << digest_type << "'"); > #endif > #if HAVE_AUTH_MODULE_NEGOTIATE > static const char *negotiate_type = > Auth::Negotiate::Scheme::GetInstance()->type(); > debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication > Scheme '" << negotiate_type << "'"); > #endif > #if HAVE_AUTH_MODULE_NTLM > static const char *ntlm_type = > Auth::Ntlm::Scheme::GetInstance()->type(); > debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication > Scheme '" << ntlm_type << "'"); > #endif > debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication."); > } > > > In 6.1 it is now > > > > /** > * Initialize the authentication modules (if any) > * This is required once, before any configuration actions are taken. > */ > void > Auth::Init() > { > debugs(29, 2, "Initializing Authentication Schemes ..."); > #if HAVE_AUTH_MODULE_BASIC > static const char *basic_type = > Auth::Basic::Scheme::GetInstance()->type(); > debugs(29, 2, "Initialized Authentication Scheme '" << > basic_type << "'"); > #endif > #if HAVE_AUTH_MODULE_DIGEST > static const char *digest_type = > Auth::Digest::Scheme::GetInstance()->type(); > debugs(29, 2, "Initialized Authentication Scheme '" << > digest_type << "'"); > #endif > #if HAVE_AUTH_MODULE_NEGOTIATE > static const char *negotiate_type = > Auth::Negotiate::Scheme::GetInstance()->type(); > debugs(29, 2, "Initialized Authentication Scheme '" << > negotiate_type << "'"); > #endif > } > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> > http://lists.squid-cache.org/listinfo/squid-users > <http://lists.squid-cache.org/listinfo/squid-users> > > > > -- > Francesco > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
