[squid-users] Re: NTLM/Kerberos Authentication with Windows 7

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 11 Mar 2011 22:17:13 -0000

Please use
http://sourceforge.net/projects/squidkerbauth/files/negotiate_wrapper/negotiate_wrapper-1.0.1/negotiate_wrapper-1.0.1.tar.gz/download
as I had overlooked an issue.

Markus

"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:ilbr5s$iuc$1_at_dough.gmane.org...
> Hi Wolfgang,
>
> You could try my new negotiate wrapper
> http://sourceforge.net/projects/squidkerbauth/files/negotiate_wrapper/negotiate_wrapper-1.0.0/negotiate_wrapper-1.0.0.tar.gz/download
>
> Usage:
>
> auth_param negotiate program /usr/sbin/negotiate_wrapper [-d] --ntlm
> <ntlm-helper with args> --kerberos <kerberos-helper with args>
>
> example:
>
> auth_param negotiate program /usr/sbin/negotiate_wrapper -d --ntlm
> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
> /usr/sbin/squid_kerb_auth -d -s GSS_C_NO_NAME
>
>
>
> Markus
>
>
> "Henickl Wolfgang" <Wolfgang.Henickl_at_apa.at> wrote in message
> news:D4C860F6883E8B45815499F357CE011C078AFB19_at_APAXPCL3.lan.apa.at...
>> Thanks for the reply!
>>
>> The major problem is, that the changes in Security Policy of Windows 7
>> hasn't changed a thing. But I will try it again, therefore my question. I
>> am also unsure, because in Windows 7 a new WinHTTP Version is included,
>> which may also cause problems.
>>
>> Is there anything, which should be considered, configuring/activating
>> NTLM and Kerberos at the same time in Squid?
>>
>> Kind regards
>> Wolfgang
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>> Gesendet: Donnerstag, 03. März 2011 03:56
>> An: squid-users_at_squid-cache.org
>> Betreff: Re: [squid-users] NTLM/Kerberos Authentication with Windows 7
>>
>>
>> On Wed, 2 Mar 2011 13:58:04 +0100, Henickl Wolfgang wrote:
>>> Hello,
>>> I am looking for a solution of strange Problem. It seems that WinHTTP
>>> Programs under Windows 7 tend to use Kerberos Authentication, instead
>>> of
>>> NTLM. The problem is, that I am working behind a Squid Proxy that is
>>> only configured for NTLM.
>>>
>>> Do somebody know which settings I should modify?
>>> Is there a setting required for "Network security: LAN Manager
>>> authentication level" under Windows 7?
>>> Are there known problems with such a configuration or any FAQs for
>>> troubleshooting such environments?
>>
>> Sounds like you have found the problem already. The solution is to
>> either disable the Kerberos security on Windows 7 (rendering the network
>> back down to NTLM / NT 4.0 LanManager security levels) or upgrade your
>> squid to accept Kerberos.
>>
>> The squid wiki has config tutorilas on Kerberos for Squid. It's usually
>> not too painful add in parallel with NTLM.
>>
>> Amos
>>
>>
>
>
>
Received on Fri Mar 11 2011 - 22:20:07 MST

This archive was generated by hypermail 2.2.0 : Sat Mar 12 2011 - 12:00:01 MST