Re: [squid-users] Which NTLM helper are we supposed to use in 3.2?

From: Amos Jeffries <>
Date: Tue, 23 Aug 2011 23:54:56 +1200

On 23/08/11 23:12, Alex Crow wrote:
> Hi,
> With NTLM auth in the past instructions have stated not to use the
> helper supplied with Squid but the one from Samba. Is that still the
> case or should we be using the newer helper "ntlm_smb_lm_auth"?

ntlm_smb_lm_auth is a simple renaming of the old Squid helper to avoid
the confusion between the two. Still recommended to avoid when any type
of security is needed.

The Samba helper remains recommended. It supports NTLMv2 and the session
security features.

FWIW: The difference between the two is that Samba helper performs
NTLMv1 or NTLMv2. The Squid one is actually performing the older SMB LM
protocol that came before NT LM was invented. Thus the name.

> I am asking this as since I have been testing with squid 3.2 I have
> noticed some odd things related to auth and the external acl helper for
> nt groups (ext_wbinfo_group_acl) in that every so often squid seems to
> think I'm not in a group when I am - despite ext_wbinfo_group_acl
> working fine when I send hundreds of requests a second to it.

I think this effect is more related to the problems we are seeing with
Squid-3.2 "loosing" credentials if they expire mid-way thorough the
processing of a request.


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for
Received on Tue Aug 23 2011 - 11:55:02 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 30 2011 - 12:00:02 MDT