Re: [squid-users] Kerberos and NTLM authentication

From: Carlos Defoe <carlosdefoe_at_gmail.com>
Date: Wed, 15 May 2013 22:00:18 -0300

As far as i know, the only auth mech that will prompt for password is
the basic one, so you're not enabling one per time.

But all three enabled shouldn't give you problems anyway...

Try setting
auth_param negotiate keep_alive off
and
auth_param ntlm keep_alive off

Add "--diagnostics" to ntlm_auth lines, so you get more info while debugging.

Also, try two helpers at a time, commenting those negotiate lines, for
example, and try to authenticate in a non-domain machine.

On Wed, May 15, 2013 at 8:28 PM, Brett Lymn <brett.lymn_at_baesystems.com> wrote:
> On Wed, May 15, 2013 at 03:45:28PM -0300, Delton wrote:
>> That's what (I think) I tried:
>>
>> auth_param negotiate program /usr/local/bin/squid_kerb_auth -d -s
>> HTTP/squidserver.bnpapeis.local
>> auth_param negotiate children 5
>> auth_param negotiate keep_alive on
>>
>> auth_param ntlm program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 30
>>
>> auth_param basic program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-basic
>> auth_param basic children 5
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>>
>> acl users proxy_auth REQUIRED
>> http_access allow users
>>
>> All authentication mechanisms work when only one is used. I also tried
>> to inform DOMAIN\user in Internet Explorer and Firefox.
>>
>
> For machines not on the domain using IE go into the advanced settings and
> untick "enable Integrated Windows Authentication".
>
> --
> Brett Lymn
> "Warning:
> The information contained in this email and any attached files is
> confidential to BAE Systems Australia. If you are not the intended
> recipient, any use, disclosure or copying of this email or any
> attachments is expressly prohibited. If you have received this email
> in error, please notify us immediately. VIRUS: Every care has been
> taken to ensure this email and its attachments are virus free,
> however, any loss or damage incurred in using this email is not the
> sender's responsibility. It is your responsibility to ensure virus
> checks are completed before installing any data sent in this email to
> your computer."
>
>
Received on Thu May 16 2013 - 01:00:25 MDT

This archive was generated by hypermail 2.2.0 : Thu May 16 2013 - 12:00:06 MDT