Re: [squid-users] Re: Re: squid_kerb_auth problem

From: Jose Lopes <jlopes_at_iportalmais.pt>
Date: Tue, 19 Jan 2010 13:20:07 +0000

Hi,

Now I am using Squid 3.0 STABLE20, but the problem continues.

Jose

Amos Jeffries wrote:
> Jose Lopes wrote:
>> Hi,
>>
>> I have the same problem. I have already set
>> network.negotiate-auth.trusted-uris to proxy domain. At the
>> firefox (FF) log appears:
>>
>> 0[825140]: service = squid.domain
>> 0[825140]: using negotiate-sspi
>> 0[825140]: nsAuthSSPI::Init
>> 0[825140]: InitSSPI
>> 0[825140]: Using SPN of [HTTP/squid.domain]
>> 0[825140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
>> 0[825140]: entering nsAuthSSPI::GetNextToken()
>> 0[825140]: Sending a token of length 40
>> 0[825140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
>> 0[825140]: entering nsAuthSSPI::GetNextToken()
>> 0[825140]: Cannot restart authentication sequence!
>>
>> The HTTP messages between squid and FF are:
>>
>> FF -> SQUID
>> GET http://www.squid-cache.org/ HTTP/1.1
>> [...]
>>
>> SQUID -> FF
>> HTTP/1.0 407 Proxy Authentication Required
>> Server: squid/3.0.STABLE14
>> [...]
>> Proxy-Authenticate: Negotiate
>> [...]
>>
>
> I know you seem to have tracked it down to a FF bug (maybe).
>
> But I'm wondering if all this checking and testing with
> 3.0.STABLE15 is worth it? Negotiate helper had an upgrade in
> STABLE16.
>
> Also, the way Squid let NTLM/Negotiate helpers become deferred and
> 'leaked' was fixed in STABLE19. That one is likely to hit as soon
> as this initial problem is resolved.
>
> I really would not recommend using anything less than STABLE19 with
> NTLM/Negotiate helpers.
>
> Amos
Received on Tue Jan 19 2010 - 13:20:17 MST
