
Re: squid 6.1 - auth scheme 'ntlm' is not recognized


 



Please see if the following partial fix helps in your environment:

https://github.com/squid-cache/squid/commit/5596a2f4894f80864b660b035d05f5aec74f8312.patch

The fix has been posted for preliminary review as draft PR 1422:
https://github.com/squid-cache/squid/pull/1422


Thank you,

Alex.



On 7/13/23 12:53, Rafael Akchurin wrote:
And the configure options are just those from Debian Unstable (I just added the --disable-optimizations to be able to debug in vscode):


./configure \
	--with-build-environment=default \
	--disable-optimizations \
	--enable-build-info="ubuntu 22" \
	--datadir=/usr/share/squid \
	--sysconfdir=/etc/squid \
	--libexecdir=/usr/lib/squid \
	--mandir=/usr/share/man \
	--enable-inline \
	--disable-arch-native \
	--enable-async-io=8 \
	--enable-storeio="ufs,aufs,diskd,rock" \
	--enable-removal-policies="lru,heap" \
	--enable-delay-pools \
	--enable-cache-digests \
	--enable-icap-client \
	--enable-follow-x-forwarded-for \
	--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \
	--enable-auth-digest="file,LDAP" \
	--enable-auth-negotiate="kerberos,wrapper" \
	--enable-auth-ntlm="fake,SMB_LM" \
	--enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group" \
	--enable-security-cert-validators="fake" \
	--enable-storeid-rewrite-helpers="file" \
	--enable-url-rewrite-helpers="fake" \
	--enable-eui \
	--enable-esi \
	--enable-icmp \
	--enable-zph-qos \
	--enable-ecap \
	--disable-translation \
	--with-swapdir=/var/spool/squid \
	--with-logdir=/var/log/squid \
	--with-pidfile=/run/squid.pid \
	--with-filedescriptors=65536 \
	--with-large-files \
	--with-default-user=proxy \
	--enable-linux-netfilter \
	--with-systemd



-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Alex Rousskov
Sent: Thursday, July 13, 2023 5:02 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  squid 6.1 - auth scheme 'ntlm' is not recognized

On 7/13/23 10:29, Francesco Chemolli wrote:
Hi Rafael,
    that code was moved to a RegisteredRunner in commit
09490bb867d0b3f00a29911a65c715108e95b782 .
I'm not sure why it is not working for you

That commit broke NTLM support in some environments because the linker in those environments does not add src/auth/ntlm/Scheme.cc code to squid executable. Linkers are allowed to drop modules that they think are unused. We will need to find a solution to that problem.

Alex.


On Thu, Jul 13, 2023 at 1:38 PM Rafael Akchurin
<rafael.akchurin@xxxxxxxxxxxx> wrote:

     Good day everyone,

     We are now trying to move the configuration which was valid and
     working in Squid 5.7 to Squid 6.1 and hitting the following error:
     Unknown authentication scheme 'ntlm'

     The problem seems to be with the following configuration we use
     (output from squid -k parse).

     023/07/13 13:34:04| Processing: auth_param ntlm program
     /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
     2023/07/13 13:34:04| ERROR: Failure while parsing Config File:
     Unknown authentication scheme 'ntlm'.
     2023/07/13 13:34:04| FATAL: Bungled
     /opt/websafety/etc/squid/authentication.conf line 231: auth_param
     ntlm program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan
     --dc1port=389
     2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.

     Comparing the contents of squid-5.9/src/AuthReg.cc and
     squid-6.1/src/AuthReg.cc it seems the support for NTLM
     authentication was indeed removed from the codebase (see below).

     May I ask if the NTLM scheme is not needed at all now and we should
     continue using only Negotiate scheme (letting it handle the NTLM as
     usual)?

     Best regards,
     Rafael Akchurin
     Diladele B.V.


     In 5.0 the AuthReg.cc was

     /**
     * Initialize the authentication modules (if any)
     * This is required once, before any configuration actions are taken.
     */
     void
     Auth::Init()
     {
          debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ...");
     #if HAVE_AUTH_MODULE_BASIC
          static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
          debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << basic_type << "'");
     #endif
     #if HAVE_AUTH_MODULE_DIGEST
          static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
          debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << digest_type << "'");
     #endif
     #if HAVE_AUTH_MODULE_NEGOTIATE
          static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
          debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << negotiate_type << "'");
     #endif
     #if HAVE_AUTH_MODULE_NTLM
          static const char *ntlm_type = Auth::Ntlm::Scheme::GetInstance()->type();
          debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << ntlm_type << "'");
     #endif
          debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
     }


     In 6.1 it is now



     /**
     * Initialize the authentication modules (if any)
     * This is required once, before any configuration actions are taken.
     */
     void
     Auth::Init()
     {
          debugs(29, 2, "Initializing Authentication Schemes ...");
     #if HAVE_AUTH_MODULE_BASIC
          static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
          debugs(29, 2, "Initialized Authentication Scheme '" << basic_type << "'");
     #endif
     #if HAVE_AUTH_MODULE_DIGEST
          static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
          debugs(29, 2, "Initialized Authentication Scheme '" << digest_type << "'");
     #endif
     #if HAVE_AUTH_MODULE_NEGOTIATE
          static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
          debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type << "'");
     #endif
     }
     _______________________________________________
     squid-users mailing list
     squid-users@xxxxxxxxxxxxxxxxxxxxx
     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
     http://lists.squid-cache.org/listinfo/squid-users
     <http://lists.squid-cache.org/listinfo/squid-users>



--
      Francesco
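
The failure mode described in the thread (a linker leaving the self-registering src/auth/ntlm/Scheme.cc out of the executable) can be reproduced in miniature with a static archive. This is an added example, not Squid code and not the fix from PR 1422; it assumes a Linux toolchain with GNU ld or lld, and the file names, `registry()` and `Registrar` are hypothetical.

```shell
#!/bin/sh
# Added illustration (not Squid code): a module that registers itself from a
# static constructor is skipped by the linker when it lives in a static archive
# and nothing references its symbols. All names here are hypothetical.

# Builds the demo in a temp dir; prints "<plain link result> <whole-archive result>".
demo_linker_drop() {
    cxx=${CXX:-c++}
    { command -v "$cxx" && command -v ar; } >/dev/null 2>&1 ||
        { echo "no-toolchain"; return 0; }
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # main.cc owns the registry and looks up "ntlm", as auth_param parsing would.
        cat > main.cc <<'EOF'
#include <cstdio>
#include <set>
#include <string>
std::set<std::string> &registry() { static std::set<std::string> r; return r; }
int main() {
    std::puts(registry().count("ntlm") ? "recognized" : "unknown");
    return 0;
}
EOF
        # scheme.cc registers itself at static-initialization time; no other
        # translation unit names any symbol defined in it.
        cat > scheme.cc <<'EOF'
#include <set>
#include <string>
std::set<std::string> &registry();
namespace { struct Registrar { Registrar() { registry().insert("ntlm"); } } instance; }
EOF
        "$cxx" -c main.cc scheme.cc &&
        ar rcs libauth.a scheme.o &&
        # Plain link: scheme.o resolves no undefined symbol, so it is not extracted.
        "$cxx" -o plain main.o libauth.a &&
        # Forcing every archive member in keeps the registrar and its constructor.
        "$cxx" -o whole main.o -Wl,--whole-archive libauth.a -Wl,--no-whole-archive &&
        echo "$(./plain) $(./whole)"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

demo_linker_drop   # with GNU ld or lld: prints "unknown recognized"
```

The same source builds cleanly in both cases; only the link step decides whether the scheme exists at run time, which is why the symptom surfaces as a configuration parse error rather than a build error.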




