Hello
I am able to authenticate user agents via "Negotiate" with following:
auth_param negotiate program /usr/lib64/squid/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
I've configured binding with mskutil and with IE, Mozilla, some other
apps everything works fine - there is no username/password popup, it's
transparent.
Before I did it with winbind, but was getting password popup windows.
When I try to use Opera browser I am getting ugly message after
entering credentials:
authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error returned 'BH received type 1 NTLM token'
I've checked communication between proxy and browser via Wireshark and
I see that Opera is negotiating with NTLMSSP, with string "Negotiate"
with OS revision version (testing with Windows 7 clients).
My goal is to replace ISA with Group+pass AD authentication with Squid
and have transparent proxying on IE and with other clients with popup
windows :)
Is there any "universal", well tested configuration/manual that will
make all clients work?
If there is a need in a research - I can join.
Squid versions available: 2.7.x, 3.1.16, 3.2.0.14, custom-compiled RPM
OS: RHEL5
Thanks
Best regards,
George Machitidze
Received on Thu Jan 12 2012 - 08:37:58 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 12 2012 - 12:00:02 MST