Hi Eugene,
I created another helper called negotiate_wrapper which is part of squid
3.2 (although there is a bug in squid 3.2 which means Negotiate/ntlm is not
working with squid 3.2) . Anyway the wrapper work fine with squid 3.1 and
3.0.
The config is:
#
# Negotiate/Kerberos and Negotiate/NTLM
#
auth_param negotiate program
/opt/squid-3.2/libexec/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
/opt/squid-3.2/libexec/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 20 startup=5 idle=5
auth_param negotiate keep_alive on
#
# NTLM
#
auth_param ntlm program
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20 startup=5 idle=5
auth_param ntlm keep_alive on
Markus
"Eugene M. Zheganin" <eugene_at_zhegan.in> wrote in message
news:4DCD1EEF.4060508_at_zhegan.in...
> Hi.
>
> I wanted to ask is there any progress or solution/workaround to this
> problem ?
>
> Once per 3-4 months I'm trying to deploy a negotiate authentication
> scheme; the majority of clients works just fine, but some of the clients
> (and each time these are some important ones) start to sending NTLM tokens
> instead of negotiate ones. About a year ago Markus told that he's on the
> way to squid_nego_auth helpers, but, as far as I understand, there was
> some serious problems.
>
> Can I offer some help ? My skills in C are low, and my knowledge of
> NTLM/Kerberos is even lower, so I can provide only testing/debugging help,
> but I can do this in harsh environment of hundreds of clients. :P
>
> Eugene.
>
Received on Fri May 13 2011 - 18:01:59 MDT
This archive was generated by hypermail 2.2.0 : Sat May 14 2011 - 12:00:01 MDT