Re: [squid-users] The Famous "NTLMSSP command 3, expected 1"

From: Go Wow <gowows_at_gmail.com>
Date: Tue, 19 Apr 2011 15:54:40 +0400

Hi,

I meant 3.1.11

How do I check which user-agent is giving this issue? As I told 70%
people use IE here (different versions) some use IE 8, IE 7 and IE 6.
20-25% use firefox 3.6 or firefox 4 and rest use google chrome.

Can you please point me to some doc to use that negotiate wrapper. I
tried squid_kerb_auth and failed miserably and I'm not planning to go
near it until my squid is stable.

I have made a GPO for all users to use NTML as preferred auth method,
let's see if that makes a difference. I did it by adding
"LmCompatibilityLevel" to "1" in registry.

Cheers

On 19 April 2011 14:08, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 19/04/11 20:09, Go Wow wrote:
>>
>> Hi,
>>
>> I use NTLM to authenticate my AD users with Squid 3.11. My cache logs
>
> You mean 3.1.1? we are only up to 3.2 series so far.
>
>> have these entries at random times. I know that the client is sending
>> a kerberos reply instead of NTLM auth. I want to know whether
>> something can be done about this or not.
>>
>> libsmb/ntlmssp.c:335(ntlmssp_update)  got NTLMSSP command 3, expected 1
>>
>> I tried moving to Kerberos but it didnt work for me. My client envirno
>> is IE 8, Chrome and Firefox 3.6 or 4
>
> For the record which User-Agent is broken and sending Kerberos when offered
> NTLM? and are you offering Negotiate?
>
> The new negotiate_wrapper helper from Markus Moeller may help. We have
> tested it of use in "auth_param negotiate", but I'm not sure of the effect
> if its used in "auth_param ntlm".
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.7
>
Received on Tue Apr 19 2011 - 11:54:47 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 19 2011 - 12:00:04 MDT