That's what (I think) I tried:
auth_param negotiate program /usr/local/bin/squid_kerb_auth -d -s
HTTP/squidserver.bnpapeis.local
auth_param negotiate children 5
auth_param negotiate keep_alive on
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl users proxy_auth REQUIRED
http_access allow users
All authentication mechanisms work when only one is used. I also tried
to inform DOMAIN\user in Internet Explorer and Firefox.
Em 15/05/2013 14:31, Carlos Defoe escreveu:
> I think the BCP (best current practice) is to use, in sequence:
>
> 1) negotiate_wrapper configured with kerberos and ntlm
> 2) pure ntlm with ntlm_auth
> 3) one basic auth of your choice
>
> Inserting those three methods in sequence on your squid.conf will do the job.
>
> If you have problems with prompted auth, try inserting the user domain
> when authenticating, like "MYDOMAIN\myusername". I've found that
> Internet Explorer needs this.
>
Received on Wed May 15 2013 - 18:46:41 MDT
This archive was generated by hypermail 2.2.0 : Thu May 16 2013 - 12:00:06 MDT