[squid-users] NTLM authentication worked in Squid 2.7.STABLE8 Squid Web Proxy, now need it in v3.5 hosted on Windows server 2k12

Todd Pearson rtpearson at yahoo.com
Tue Jun 27 17:12:41 UTC 2017 

Thank you for the information.  Is there any place to download the helper binaries for NTLM?  Or do I need to build them myself?
Is there additional information on kerberos configuration in a windows environment.  Trying to wrap my head around the keytab and creation of it in a windows only environment.      From: Amos Jeffries <squid3 at treenet.co.nz>
 To: squid-users at lists.squid-cache.org 
 Sent: Tuesday, June 27, 2017 8:40 AM
 Subject: Re: [squid-users] NTLM authentication worked in Squid 2.7.STABLE8 Squid Web Proxy, now need it in v3.5 hosted on Windows server 2k12
   
On 27/06/17 12:06, Todd Pearson wrote:
> 
> I am hosting the squid proxy on Windows 2K12 server.  Squid 2.7.STABLE8 
> Squid Web Proxy version worked well for authentication until recent 
> Windows 10 update killed Sha1.  Now I am upgrading to squid proxy 
> version 3.5.x.x to restore authentication.

FYI: upgrading to Squid-3 will not solve that problem by itself. The 
helpers in both Squid series are performing the same logic, with the 
same crypto limitations.

The core problem is that NTLM protocol itself is not capable of anything 
actually considered secure these days. It was declared EOL by MS more 
then 11 years ago, so loss of NTLM related things in Win10 is hardly a 
surprise.

To solve your auth problem what you need is actually a migration to 
Kerberos authentication (Negotiate auth). You might find that slightly 
easier after the Squid-3 upgrade, but the two are really independent 
changes.


> 
> The below settings are longer available in the 3.5.x.x version since the 
> progams do not exist for the new version:
> 
> auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
> 
> external_acl_type win_domain_group %LOGIN 
> c:/squid/libexec/mswin_check_ad_group.exe -G
> 
> 
> What are the equivalent setting for v 3.5.  Once again I am in windows 
> environment.

The helpers still exist, they just got renamed to follow a structured 
taxonomy:
<http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html#ss2.6>


Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170627/3262745d/attachment.html>

More information about the squid-users mailing list