On 15/07/11 13:47, Daniel Faulknor wrote:
> Hi,
>
> I've followed the
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
> howto, and I am now getting this error in my cache.log
>
> 2011/07/15 12:13:45| squid_kerb_auth: WARNING: received type 1 NTLM token
> 2011/07/15 12:13:45| authenticateNegotiateHandleReply: Error
> validating user via Negotiate. Error returned 'BH received type 1 NTLM
> token'
> 2011/07/15 12:13:54| squid_kerb_auth: DEBUG: Got 'YR
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid
> (length: 59).
> 2011/07/15 12:13:54| squid_kerb_auth: DEBUG: Decode
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded
> length: 40).
> 2011/07/15 12:13:54| squid_kerb_auth: WARNING: received type 1 NTLM token
> 2011/07/15 12:13:54| authenticateNegotiateHandleReply: Error
> validating user via Negotiate. Error returned 'BH received type 1 NTLM
> token'
>
> This happens both when trying to access via the proxy using IE/Chrome/Firefox
>
> None of my googling as presented a solution
>
> Thanks
Squid is offering Negotiate/Kerberos auth and the agents are responding
with NTLM or Negotiate/NTLM.
Markus Moeller wrote a negotiate_wrapper helper that works nicely to
cope with Negotiate/NTLM responses. There is nothing we can do about the
other broken agents which return plain NTLM though.
The wrapper helper can be found at:
http://sourceforge.net/projects/squidkerbauth/files/
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.9Received on Fri Jul 15 2011 - 02:31:09 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 15 2011 - 12:00:02 MDT