[squid-users] problem authentication ntlm with squid 3.5.21
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 4 04:41:43 UTC 2017
On 2017-01-04 03:14, amaury at tin.it wrote:
> Hello
> I upgrade squid from 3.4.9-20141203-r13193 to 3.5.21-20160908-
> r14081 and I have a problem with authentication to ntlm in a
> transparent configuration:
> the squid doesn't switch to https and so it
> doesn't authentication
This doesn't compute. Your config below has nothing to do with NTLM or
HTTPS.
> In my older version the configuration it so:
>
>
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching
> web server
> auth_param basic credentialsttl 2 hours
Three problems here:
1) without a "program" line specified the above do nothing.
2) the above lines are for *Basic* auth, not NTLM.
3) "transparent" interception proxy cannot perform authentication.
>
> cache_peer xxx.xxx.
> xxx.xxx parent 3128 0 no-query no-digest sourcehash name=PRX_ONE
>
> cache_peer yyy.yyy.yyy.yyy parent 3128 0 no-query no-digest sourcehash
> name=PRX_TWO
>
> that it works, but after I upgrade if I use http it
> doesn't autheticate.
see above.
If the parent(s) are performing NTLM authentication you need the
login=PASSTHRU option to be specified on the cache_peer lines and to
remove the auth_param settings.
HTH
Amos
More information about the squid-users
mailing list