What i showed used kerberos, if that fails it used ntlm.. and you can add.. if
that fails use LDAP (basic auth) ..
This way, you support all of them.
if you going only for kerberos, that make sure you setup your krb5.conf
correctly..
A + PTR records, SPN/UPNs and yes, then you can run it
in your smb.conf add
# Added to enforced NTLM 2, must be set on all Samba AD-DC's and the needed
members.
# This is used in combination with ntlm_auth --allow-mschapv2
ntlm auth = mschapv2-and-ntlmv2-only
In squid use:
auth_param negotiate program
Thanks amos !!
I think auth_schemes can be a workaround.
I will try it !
Le 21/09/2021 à 02:49, Amos Jeffries a écrit :
On 21/09/21 11:49 am, David Touzeau wrote:
When edge, chrome and IE try to establish a session, Squid claim
2021/09/21 01:17:27 kid1| ERROR: Negotiate Authentication
Thanks Louis for this tips but we did not want to use NTLM as it is an
old way.
It requires a samba on the Squid Box
As Amos said, this is most a browser (that using Microsoft API ) issue
The best way is to make these browsers replicating the correct Firefox
behavior.
Means swith to basic
On 21/09/21 11:49 am, David Touzeau wrote:
When edge, chrome and IE try to establish a session, Squid claim
2021/09/21 01:17:27 kid1| ERROR: Negotiate Authentication validating
user. Result: {result=BH, notes={message: received type 1 NTLM token; }}
This let us understanding that these 3