Re: [squid-users] Problem in squid 3.1.4

From: Joćo Paulo Ferreira <jferreira.ba_at_gmail.com>
Date: Wed, 25 Jan 2012 00:34:06 -0200

Hello Amos,

Thanks.

[squid.conf]

auth_param ntlm program /usr/bin/ntlm_auth SUCOM_NET/MUSSURUNGA
--helper-protocol=3Dsquid-2.5-ntlmssp
auth_param ntlm children 20 # Quantidade de processos ntlm abertos
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm use_ntlm_negotiate off
#auth_param ntlm max_challenge_lifetime 5 minutes
auth_param basic program /usr/bin/ntlm_auth SUCOM_NET/MUSSURUNGA
--helper-protocol=3Dsquid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy SUCOM_NET
auth_param basic credentialsttl 2 hours

I did not understand what should be done, please explain if you can get
very grateful!

On Wed, Jan 25, 2012 at 12:18 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> On 25.01.2012 13:24, Joćo Paulo Ferreira wrote:
>>
>> Hello
>>
>> Sorry my English is not the same as good.
>>
>> I have installed in my company with Squid 3.1.4 (Winbind, Samba, Kerberos),
>> but I have noticed the following message in the file caches.log
>> *
>> got NTLMSSP command 3, expected 1*
>>
>
> This is a message NTLM helpers often produce when trying to handle Kerberos packets.
>
> Without seeing the squid.conf auth_param settings you used it is hard to be sure.
> But I think you used Samba ntlm_auth and forgot the SPNEGO parameter to change it from NTLM to Negotiate auth protocol.
>  ntlm_auth --helper-format=gss-spnego
>
> http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
>
> If that does not work use the squid_kerb_auth helper to perform Negotiate/Kerberos.
>
>
> PS. please also update to a more recent squid. 3.1.16 or later work a lot better with NTLM.
>
> Amos

--
Atenciosamente,
Joćo Paulo Ferreira
Computer Science Student
+ 55 (71) 9297 - 1260
jferreira.ba_at_gmail.com
"Nunca diga para Deus que vocź tem um grande problema, diga sim, para
o seu problema que vocź tem um grande Deus."
Received on Wed Jan 25 2012 - 02:34:11 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 25 2012 - 12:00:03 MST