[squid-users] Problem with negotiate_wrapper and ntlm authentication

From: Matteo De Lazzari <mdelazza_at_gmail.com>
Date: Mon, 28 Oct 2013 18:19:26 +0100

Dear all,
I have a little problem trying to configure a fall back authentication
via negotiate_wrapper

Here is the squid configuration line:

auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth -d --helper-protocol=squid-2.5-ntlmssp
--domain=PREVIDOM --kerberos /usr/lib64/squid/squid_kerb_auth -d -s
HTTP/srvsquidproxy.previdom.previnet.it

The Kerberos auth runs very well, but, when negotiate_wrapper identifies
a type 1 NTLM token I get a NT_STATUS_NO_SUCH_USER in the cache.log.
The strange thing is that if I run ntlm_auth outside squid context I get
a successful auth.

/usr/bin/ntlm_auth --username=provaproxy --password=Pass1word
--domain=PREVIDOM
NT_STATUS_OK: Success (0x0)

Is it possible that negotiate_wrapper doesn't "understand" correctly
username & password from browser?
What is the correct username sintax to use in the login request?
user_at_fqdn or netbios domain\user or user without anything else? in my
case: provaproxy_at_previdom.previnet.it, previdom\provaproxy or provaproxy
without domain?

I'm using a precompiled 3.1.10 squid version on centos 6.4.

Thanks to all and sorry for my bad english
Received on Mon Oct 28 2013 - 17:19:35 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 29 2013 - 12:00:06 MDT