Re: [squid-users] Re: question about negotiate wrapper

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 15 May 2013 23:31:21 +1200

On 15/05/2013 12:37 p.m., Carlos Defoe wrote:
> Ok. Let me be a bit more annoying.
>
> Is it necessary to use the pure ntlm auth following the negotiate? In
> what case the negotiate ntlm will not succeed and the pure ntlm will
> do?

It is optional. Negotiate is relatively newer than NTLM. It is possible
there are still client software out there which *only* understands plain
NTLM.

It's up to you whether you use it. I suggest running with both for a
while (some weeks / months) then looking at your helper statistics to
see which (if any) clients are picking NTLM still.

> One more thing: Can i set two basic auth methods? One with the
> ntlm_auth with helper-protocol "squid-2.5-basic", and another with
> basic_ldap_auth?

No. Not in any existing Squid versions.
The idea is on the wishlist since it keeps coming up as a FAQ, but
nobody has wanted it enough yet to be bothered sponsoring any work (at
least publicly).

> Seems that, in some cases, my basic_ldap_auth is receiving
> "samaccountname=none" and thus failing. Probably from some Internet
> Explorer behind a load balancer or a NAT. So i thought of trying ntlm
> basic too, but i couldn't find any example with two basic
> authentications and don't know if that makes any sense.
>
> thanks!

Amos
Received on Wed May 15 2013 - 11:31:32 MDT

This archive was generated by hypermail 2.2.0 : Wed May 15 2013 - 12:00:10 MDT