Hi,
At 22.22 07/11/2005, Ian Barnes wrote:
>Our squid.conf looks like this:
>auth_param ntlm program /usr/local/libexec/squid/ntlm_auth
>--helper-protocol=squid-2.5-ntlmssp -d9
>auth_param ntlm max_challenge_reuses 0
>auth_param ntlm max_challenge_lifetime 2 minutes
>auth_param ntlm children 2
Wonder, even you have done a very detailed report, you don't have
read squid.conf comments before .... :-)
From 2.5 STABLE12 squid.conf:
# "use_ntlm_negotiate" on|off
# Enables support for NTLM NEGOTIATE packet exchanges with the helper.
# The configured ntlm authenticator must be able to handle NTLM
# NEGOTIATE packet. See the authenticator programs documentation if
# unsure. ntlm_auth from Samba-3.0.2 or later supports the use of this
# option.
# The NEGOTIATE packet is required to support NTLMv2 and a
# number of other negotiable NTLMSSP options, and also makes it
# more likely the negotiation is successful.
So in squid.conf you need:
auth_param ntlm use_ntlm_negotiate on
Please note:
auth_param ntlm children 2
It is a very too low value, on a loaded proxy you must set this value
to a more higher value as 20, 30 or more. You must monitor the
helpers usage to find the correct value.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Mon Nov 07 2005 - 14:44:50 MST
This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST