[squid-users] Re: NTLM/Kerberos Authentication with Windows 7 from Markus Moeller on 2011-03-10 (squid-users)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 11 Mar 2011 00:42:25 -0000

Hi Wolfgang,

You could try my new negotiate wrapper
http://sourceforge.net/projects/squidkerbauth/files/negotiate_wrapper/negotiate_wrapper-1.0.0/negotiate_wrapper-1.0.0.tar.gz/download

Usage:

auth_param negotiate program /usr/sbin/negotiate_wrapper [-d] --ntlm
<ntlm-helper with args> --kerberos <kerberos-helper with args>

example:

auth_param negotiate program /usr/sbin/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
/usr/sbin/squid_kerb_auth -d -s GSS_C_NO_NAME

Markus

"Henickl Wolfgang" <Wolfgang.Henickl_at_apa.at> wrote in message
news:D4C860F6883E8B45815499F357CE011C078AFB19_at_APAXPCL3.lan.apa.at...
> Thanks for the reply!
>
> The major problem is, that the changes in Security Policy of Windows 7
> hasn't changed a thing. But I will try it again, therefore my question. I
> am also unsure, because in Windows 7 a new WinHTTP Version is included,
> which may also cause problems.
>
> Is there anything, which should be considered, configuring/activating NTLM
> and Kerberos at the same time in Squid?
>
> Kind regards
> Wolfgang
>
> -----Ursprüngliche Nachricht-----
> Von: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Gesendet: Donnerstag, 03. März 2011 03:56
> An: squid-users_at_squid-cache.org
> Betreff: Re: [squid-users] NTLM/Kerberos Authentication with Windows 7
>
>
> On Wed, 2 Mar 2011 13:58:04 +0100, Henickl Wolfgang wrote:
>> Hello,
>> I am looking for a solution of strange Problem. It seems that WinHTTP
>> Programs under Windows 7 tend to use Kerberos Authentication, instead
>> of
>> NTLM. The problem is, that I am working behind a Squid Proxy that is
>> only configured for NTLM.
>>
>> Do somebody know which settings I should modify?
>> Is there a setting required for "Network security: LAN Manager
>> authentication level" under Windows 7?
>> Are there known problems with such a configuration or any FAQs for
>> troubleshooting such environments?
>
> Sounds like you have found the problem already. The solution is to
> either disable the Kerberos security on Windows 7 (rendering the network
> back down to NTLM / NT 4.0 LanManager security levels) or upgrade your
> squid to accept Kerberos.
>
> The squid wiki has config tutorilas on Kerberos for Squid. It's usually
> not too painful add in parallel with NTLM.
>
> Amos
>
>
Received on Fri Mar 11 2011 - 00:45:18 MST

This archive was generated by hypermail 2.2.0 : Sat Mar 12 2011 - 12:00:01 MST