Should use_ntlm_negotiate be set to on? Here's what I have in my squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 30 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Web Proxy auth_param basic credentialsttl 2 hours On Wed, 10 Nov 2004 14:56:28 GMT, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Of course, > > ###################### > auth_param basic program /usr/local/samba/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 5 > auth_param basic realm Credit Andorra > auth_param basic credentialsttl 2 hours > > auth_param ntlm program /usr/local/samba/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 30 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > auth_param ntlm use_ntlm_negotiate off > > external_acl_type NT_global_group children=4 %LOGIN > /usr/local/squidNG/libexec/wbinfo_group.pl > acl Internet_HTTP external NT_global_group > "/usr/local/squidNG/etc/usuarios_http" > acl Internet_HTTP_Restringit external NT_global_group > "/usr/local/squidNG/etc/usuarios_http_restringit" > acl Internet_FTP external NT_global_group > "/usr/local/squidNG/etc/usuarios_ftp" > acl Internet_FTP_Restringit external NT_global_group > "/usr/local/squidNG/etc/usuarios_ftp_restringit" > ########################################################## > > > > > ----- Original Message ----- > From: Matt Alexander <[EMAIL PROTECTED]> > Date: Wednesday, November 10, 2004 2:47 pm > Subject: Re: [squid-users] Problems while trying to authenticate using NTML > > > Can you send us the part of your squid.conf that's doing the > > authentication? > > > > > > On Wed, 10 Nov 2004 11:49:32 GMT, [EMAIL PROTECTED] > > <[EMAIL PROTECTED]> wrote: > > > Hello list, > > > > > > I just have compiled, configured and get working squid > > authenticating> against an Active Directory. I have set up what > > groups or users are > > > allowed to concrete resources, and is working well. > > > > > > The tests were done with a Mozilla browser, so everytime I > > started the > > > Mozilla I need to put the username/domain/password in the PopUp. But > > > once I try to do it with Windows the PopUp is still emerging (and > > yes I > > > have configured auth_param ntlm options) > > > > > > Bellow is the captured dialog between the browser and the Squid, > > you can > > > see how "Proxy-Authenticate: NTLM" header is showed to the > > browser, but > > > it is beneath "Proxy-Authenticate: Basic" header; and I suspect > > MSIE so > > > can't handle the NTLM one. > > > > > > Do you know if its possible to change the order that is shown the > > > Proxy-Authenticate headers?? > > > > > > GET > > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome> > > HTTP/1.1> Accept: */* > > > Accept-Language: es > > > Accept-Encoding: gzip, deflate > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0) > > > Host: www.microsoft.com > > > Proxy-Connection: Keep-Alive > > > Cookie: > > MC1=GUID=272912df2048ef4c95f806c79e6d07ad&HASH=df12&LV=200411&V=3> > > > HTTP/1.0 407 Proxy Authentication Required > > > Server: squid/2.5.STABLE7 > > > Mime-Version: 1.0 > > > Date: Wed, 10 Nov 2004 11:35:44 GMT > > > Content-Type: text/html > > > Content-Length: 1383 > > > Expires: Wed, 10 Nov 2004 11:35:44 GMT > > > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > > > Proxy-Authenticate: Basic realm="Andorra" > > > Proxy-Authenticate: NTLM > > > X-Cache: MISS from srvproxy.andorra.ad > > > Proxy-Connection: close > > > > > > Thanks a lot, > > > > > > Agustin > > > > > > > > > > > > -- > > Get Firefox! > > http://www.mozilla.org/products/firefox/ > > > > > > -- Get Firefox! http://www.mozilla.org/products/firefox/
