We've recently rolled out Squid 2.6STABLE13, from 2.5STABLE12,
and are having an issue with NTLM authentication.
Several applications have stopped authenticating correctly since
this upgrade. They used to do Basic authentication in the past,
but now it appears that they are attempting to do NTLM
authentication.
One site, for example, where we're seeing this behaviour is
http://www.poems.com.sg/
Accessing this via a Squid 2.5 proxy prompts for Basic authetication,
while a Squid 2.6 triggers an NTLM authentication dialog box
(which doesn't work).
Both installs are using Samba 3.0.25a (with winbind) to support
NTLM authentication against Active Directory.
A large percentage of the errant applications seem to be using
some version of Java, but we have also had issues raised with
applications like Yahoo Messenger.
Our squid.conf's auth configuration:
auth_param ntlm program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 6
auth_param basic realm Internet Access (via your Windows Username and
Password - without the Domain name)
auth_param basic credentialsttl 2 hours
What should we be looking at to better diagnose this problem?
Thanks,
David.
__
David Gameau
ISTS - Systems Infrastructure
University of South Australia
email: David.Gameau@UniSA.edu.au
phone: +61 8 302 3533
fax: +61 8 302 5800
Disclaimer: "His brain sometimes stops working." - Chiyo, Azumange Daoih
Received on Thu Jun 07 2007 - 00:16:58 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT