Re: [squid-users] Problems while trying to authenticate using NTML

From: Matt Alexander <lowbassman@gmail.com>
Date: Wed, 10 Nov 2004 12:43:48 -0700

Should use_ntlm_negotiate be set to on? Here's what I have in my squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 30 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy
auth_param basic credentialsttl 2 hours

On Wed, 10 Nov 2004 14:56:28 GMT, jamunoz@cast-info.es
<jamunoz@cast-info.es> wrote:
> Of course,
>
> ######################
> auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Credit Andorra
> auth_param basic credentialsttl 2 hours
>
> auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate off
>
> external_acl_type NT_global_group children=4 %LOGIN /usr/local/squidNG/libexec/wbinfo_group.pl
> acl Internet_HTTP external NT_global_group "/usr/local/squidNG/etc/usuarios_http"
> acl Internet_HTTP_Restringit external NT_global_group "/usr/local/squidNG/etc/usuarios_http_restringit"
> acl Internet_FTP external NT_global_group "/usr/local/squidNG/etc/usuarios_ftp"
> acl Internet_FTP_Restringit external NT_global_group "/usr/local/squidNG/etc/usuarios_ftp_restringit"
> ##########################################################
>
>
>
>
> ----- Original Message -----
> From: Matt Alexander <lowbassman@gmail.com>
> Date: Wednesday, November 10, 2004 2:47 pm
> Subject: Re: [squid-users] Problems while trying to authenticate using NTML
>
> > Can you send us the part of your squid.conf that's doing the
> > authentication?
> >
> >
> > On Wed, 10 Nov 2004 11:49:32 GMT, jamunoz@cast-info.es
> > <jamunoz@cast-info.es> wrote:
> > > Hello list,
> > >
> > > I have just compiled, configured and got squid working, authenticating
> > > against an Active Directory. I have set up what groups or users are
> > > allowed to concrete resources, and it is working well.
> > >
> > > The tests were done with a Mozilla browser, so every time I started
> > > Mozilla I needed to put the username/domain/password in the PopUp. But
> > > once I try to do it with Windows the PopUp is still emerging (and yes, I
> > > have configured auth_param ntlm options).
> > >
> > > Below is the captured dialog between the browser and the Squid; you can
> > > see how the "Proxy-Authenticate: NTLM" header is shown to the browser, but
> > > it is beneath the "Proxy-Authenticate: Basic" header, and I suspect MSIE so
> > > can't handle the NTLM one.
> > >
> > > Do you know if it's possible to change the order in which the
> > > Proxy-Authenticate headers are shown?
> > >
> > > GET http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HTTP/1.1
> > > Accept: */*
> > > Accept-Language: es
> > > Accept-Encoding: gzip, deflate
> > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)
> > > Host: www.microsoft.com
> > > Proxy-Connection: Keep-Alive
> > > Cookie: MC1=GUID=272912df2048ef4c95f806c79e6d07ad&HASH=df12&LV=200411&V=3
> > >
> > > HTTP/1.0 407 Proxy Authentication Required
> > > Server: squid/2.5.STABLE7
> > > Mime-Version: 1.0
> > > Date: Wed, 10 Nov 2004 11:35:44 GMT
> > > Content-Type: text/html
> > > Content-Length: 1383
> > > Expires: Wed, 10 Nov 2004 11:35:44 GMT
> > > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > > Proxy-Authenticate: Basic realm="Andorra"
> > > Proxy-Authenticate: NTLM
> > > X-Cache: MISS from srvproxy.andorra.ad
> > > Proxy-Connection: close
> > >
> > > Thanks a lot,
> > >
> > > Agustin
> > >
> > >
> >
> >
> > --
> > Get Firefox!
> > http://www.mozilla.org/products/firefox/
> >
> >
>
>

-- 
Get Firefox!
http://www.mozilla.org/products/firefox/
Received on Wed Nov 10 2004 - 12:43:50 MST
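
Added example, not part of the original thread: Squid's auth_param documentation says schemes are offered to the client in the order they first appear in squid.conf, and that IE uses Basic when Basic is listed first. The Python check below compares that order in the two configurations posted above (abridged) against the captured 407 response; the function names are hypothetical.

```python
import re

def conf_scheme_order(conf_text):
    """Auth schemes in the order they first appear in auth_param lines."""
    order = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*auth_param\s+(\S+)", line)  # commented-out lines do not match
        if m and m.group(1).lower() not in order:
            order.append(m.group(1).lower())
    return order

def offered_schemes(response_text):
    """Schemes named in the Proxy-Authenticate headers of a 407, in wire order."""
    schemes = []
    for line in response_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes

def basic_listed_before_stronger(schemes):
    """True when Basic is offered ahead of at least one other scheme."""
    return "basic" in schemes and schemes.index("basic") < len(schemes) - 1

# Abridged from the configuration quoted in the thread (Basic defined first).
CONF_BASIC_FIRST = """\
auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
"""
# Abridged from the configuration in the reply (NTLM defined first).
CONF_NTLM_FIRST = """\
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
"""
# Headers copied from the captured 407 response in the thread.
RESPONSE_407 = """\
HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.5.STABLE7
Proxy-Authenticate: Basic realm="Andorra"
Proxy-Authenticate: NTLM
Proxy-Connection: close
"""

if __name__ == "__main__":
    for label, conf in (("quoted", CONF_BASIC_FIRST), ("reply", CONF_NTLM_FIRST)):
        order = conf_scheme_order(conf)
        print(label, order, "Basic first" if basic_listed_before_stronger(order) else "ok")
    print("407 offers", offered_schemes(RESPONSE_407))
```

Basic sends the password base64-encoded rather than hashed, so a client that picks Basic because it is listed first exposes the domain credential on the path to the proxy.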
