[squid-users] RE: NTLM error

From: Dawie Pretorius <dawie_at_tradebridge.co.za>
Date: Fri, 19 Mar 2010 13:48:43 +0200

Hi is it possible that someone can come back to me on this request.

Thank you

Dawie Pretorius

-----Original Message-----
From: Dawie Pretorius [mailto:dawie_at_tradebridge.co.za]
Sent: 11 March 2010 10:40 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] NTLM error

Hi,

I continually have this error inside my /var/log/squid/cache.log:

[2010/03/05 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1

And getting a authentication pop up.

I found this article about this issue:

http://www1.il.squid-cache.org/mail-archive/squid-dev/200906/0041.html

This article states that there is a workaround:

"The workaround is pretty simple - just enable the IP auth cache."

I need to know how to enable my IP auth cache to "workaround" this problem? Please advise me if I'm interpreting this incorrectly?

Here is my squid.conf:

http_port 0.0.0.0:3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
dns_nameservers 168.210.2.2 196.14.239.2
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl manager proto cache_object
acl localnet src 172.16.0.0/12
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443 21
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 89
acl Safe_ports port 119
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl update-micro-dom dstdomain .microsoft.com
acl update-micro-dom dstdomain .windowsupdate.com
http_access allow update-micro-dom
acl cape_town src 172.16.38.0/23
http_access allow cape_town
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-1070830588-1373467647-793153460-513
auth_param ntlm children 150
auth_param ntlm keep_alive on
acl ntlm proxy_auth REQUIRED
http_access allow localhost ntlm
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_mgr hbops_at_XXXXXXXX.co.za
visible_hostname ZATBIMPROXY01
client_db on
acl FTP proto FTP
always_direct allow FTP
snmp_port 3401
coredump_dir /var/spool/squid

Thanks in advance!

Regards,
Dawie
 
Note: Privileged/Confidential information may be contained in this message and may be subject to legal privilege. Access to this e-mail by anyone other than the intended is unauthorised. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver to anyone this message (or any part of its contents ) or take any action in reliance on it. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. As our company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments we recommend that you subject these to your virus checking procedures prior to use. The views, opinions, conclusions and other information expressed in this electronic mail are not given or endorsed by the company unless otherwise indicated by an authorized representative independent of this message.
 
Note: Privileged/Confidential information may be contained in this message and may be subject to legal privilege. Access to this e-mail by anyone other than the intended is unauthorised. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver to anyone this message (or any part of its contents ) or take any action in reliance on it. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. As our company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments we recommend that you subject these to your virus checking procedures prior to use. The views, opinions, conclusions and other information expressed in this electronic mail are not given or endorsed by the company unless otherwise indicated by an authorized representative independent of this message.
Received on Fri Mar 19 2010 - 11:49:06 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT