[squid-users] negotiate_wrapper: Return 'AF = * username
Amos Jeffries
squid3 at treenet.co.nz
Tue Nov 24 02:39:51 UTC 2015
On 24/11/2015 5:57 a.m., Michael Pelletier wrote:
> Hello,
>
> I have squid in the production environment and everything is running well.
> I am building a new server that will be used as a new template of squid in
> our virtual environment.
>
> for some reason on the new template server I am getting negotiate_wrapper
> inserting a "*" before the username. This of course is not matching any
> users when I do a group matching in LDAP.
>
> negotiate_wrapper: Return 'AF = * [username]
>
> Yet, this is not happening in the production systems. Does anyone know what
> is going on?
The format of the Negotiate authentication lines is "AF" <token> <label>.
Where token is the base64 encoded Negotiate/Kerberos token to be sent to
the client to confirm authentication success. "*" is used when the
client is performing Negotiate/NTLM, which does not use that token.
Is that "=" symbol also in the result lines? if so it is what is
screwing things up.
IIRC we fixed this problem in the helper a long while back, please try
an upgrade. If it is occuring in the latest squid releases, please
provide which exact version you are using, and the cache.log trace when
diagnostics is enabled on the helper.
Amos
More information about the squid-users
mailing list