Hi,
At 10.48 17/11/2004, Adam Fernie wrote:
>Hi all,
>
>I'm trying to get ntlm_auth working with squid on debian. I have exactly
>the same problem as someone described in the mailing lists at
>http://www.squid-cache.org/mail-archive/squid-users/200306/0162.html but
>he didn't receive a reply.
>
>The no_check.pl receives the hash info but returns to squid "BH
>Squid-helper protocol error: unexpected negotiate-request".
>
>I see "authenticateNTLMHandleReply: Error obtaining challenge from helper:
>0x8206960. Error returned 'BH Squid-helper protocol error: unexpected
>negotiate-request" in the squid logs
>
>The info no_check.pl gets is a YR string over and over which results in ...
>
>domain is xxxxxx
>flags is 2718478855
>type is negotiate
>workstation is xxxxxx
>
>I tried using debian's packaged squid 2.5.7-1 and I downloaded 2.5STABLE7
>and compiled with "--enable-auth=ntlm,basic
>--enable-ntlm-auth-helpers=no_check".
>
>the configuration lines in squid.conf i used are
>
>
>acl serendipity proxy_auth REQUIRED
>http_access allow serendipity
>auth_param ntlm program /path/to/no_check.pl xxxxx
>auth_param ntlm children 5
>auth_param ntlm use_ntlm_negotiate on
>
>I know my browser (ie6) can do ntlm becasue it works with other proxies.
>
>Is there something wrong with my squid.conf config or the way I configured
>and compiled squid?
change the
auth_param ntlm use_ntlm_negotiate on
directive to
auth_param ntlm use_ntlm_negotiate off
negotiate cannot be supported by an authenticators like no_check.pl
The NTLM negotiate is supported only by real NTLM/NTLMv2 authenticators
like Samba 3 ntlm_auth or Windows native win32_ntlm_auth.exe.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Wed Nov 17 2004 - 12:46:41 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST