[squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

Rafael Akchurin Thu, 13 Jul 2023 04:39:03 -0700

Good day everyone,

We are now trying to move the configuration with was valid and working in Squid 
5.7 to Squid 6.1 and hitting the following error:
Unknown authentication scheme 'ntlm'


The problem seem to be with the following configuration we use (output from 
squid -k parse).

023/07/13 13:34:04| Processing: auth_param ntlm program 
/opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
2023/07/13 13:34:04| ERROR: Failure while parsing Config File: Unknown 
authentication scheme 'ntlm'.
2023/07/13 13:34:04| FATAL: Bungled 
/opt/websafety/etc/squid/authentication.conf line 231: auth_param ntlm program 
/opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.

Comparing the contents of squid-5.9/src/AuthReg.cc and squid-6.1/src/AuthReg.cc 
it seems the support for NTLM authentication was indeed removed from the 
codebase (see below).

May I ask if the NTLM scheme is not needed at all now and we should continue 
using only Negotiate scheme (letting it handle the NTLM as usual)?

Best regards,
Rafael Akchurin
Diladele B.V.


In 5.0 the AuthReg.cc was

/**
* Initialize the authentication modules (if any)
* This is required once, before any configuration actions are taken.
*/
void
Auth::Init()
{
    debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
    static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << 
basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
    static const char *digest_type = 
Auth::Digest::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << 
digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
    static const char *negotiate_type = 
Auth::Negotiate::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << 
negotiate_type << "'");
#endif
#if HAVE_AUTH_MODULE_NTLM
    static const char *ntlm_type = Auth::Ntlm::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << 
ntlm_type << "'");
#endif
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
}


In 6.1 it is now



/**
* Initialize the authentication modules (if any)
* This is required once, before any configuration actions are taken.
*/
void
Auth::Init()
{
    debugs(29, 2, "Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
    static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
    debugs(29, 2, "Initialized Authentication Scheme '" << basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
    static const char *digest_type = 
Auth::Digest::Scheme::GetInstance()->type();
    debugs(29, 2, "Initialized Authentication Scheme '" << digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
    static const char *negotiate_type = 
Auth::Negotiate::Scheme::GetInstance()->type();
    debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type << 
"'");
#endif
}

<<attachment: winmail.dat>>

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

Reply via email to