[squid-users] NTLM Authentication / Centos 7

Jon Cuthbert jon at jmcnetworks.co.uk
Mon Aug 20 16:15:56 UTC 2018


On a new installation, I cannot get the ntlm_auth working correctly:
Squid - v 3.5.20

2018/08/20 17:00:27| helperOpenServers: Starting 1/5 'ntlm_auth' processes
2018/08/20 17:00:27| WARNING: basicauthenticator #Hlpr243 exited
2018/08/20 17:00:27| Too few basicauthenticator processes are running (need 1/5)
2018/08/20 17:00:27| Starting new helpers
2018/08/20 17:00:27| helperOpenServers: Starting 1/5 'ntlm_auth' processes
2018/08/20 17:00:27| WARNING: basicauthenticator #Hlpr244 exited
2018/08/20 17:00:27| Too few basicauthenticator processes are running (need 1/5)
2018/08/20 17:00:27| Starting new helpers
2018/08/20 17:00:27| helperOpenServers: Starting 1/5 'ntlm_auth' processes

The ntlm_auth process respawns constantly, with the following error once
the request & user authentication attempt is sent from the browser:
'helperOpenServers: Starting 1/10 'ntlm_auth' processes
username must be specified!'

Above is with auth_param ntlm # commented out but the same happens if ntlm
is first.

squid.conf file contains:

auth_param ntlm program /usr/bin/ntlm_auth
-–helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth
-–helper-protocol=squid-2.5-basic
auth_param basic children 5
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers



The following ownerships are in place:
root:wbpriv /var/lib/samba/winbindd_privileged/
root:wbpriv /var/run/samba/winbindd/pipe

wbinfo - works for both plaintext & challenge/response
wbinfo -t works

/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
works correctly - (if a space is left after the c basic, otherwise it
complains about username - I've tried squid.conf leaving a space as well)

/usr/bin/ntlm_auth -–helper-protocol=squid-2.5-ntlmssp
gives BH SPNEGO request invalid prefix - assume related to Negotiate, but
will investigate after basic authentication in case related).

I've looked at as many install instructions as possible, and this should be
okay?
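
A lint for the auth_param lines shown in this post, as an added example that is not part of the original message: it reports non-ASCII characters (the pasted option reads as a hyphen followed by U+2013, where the command typed at the shell uses "--") and helper program lines that carry no --helper-protocol= argument. The sample config is constructed from the lines above; the function name and the rule that a directive line starts with a letter are assumptions of this example.

```python
import re
import unicodedata

# Constructed sample: the ntlm lines are as pasted in the post (wrapped, with
# hyphen + U+2013); the basic line is a constructed clean one for contrast.
SAMPLE_CONF = """\
auth_param ntlm program /usr/bin/ntlm_auth
-\u2013helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
"""

PROGRAM_RE = re.compile(r"^auth_param\s+(\S+)\s+program\s+(.*)$")


def lint_auth_params(conf_text):
    """Return (line_number, message) findings for a squid.conf fragment."""
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Name every non-ASCII character so a look-alike dash is visible.
        for ch in line:
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((num, f"non-ASCII character U+{ord(ch):04X} ({name})"))
        m = PROGRAM_RE.match(line)
        if m:
            scheme, command = m.groups()
            args = command.split()[1:]  # everything after the helper path
            if not any(a.startswith("--helper-protocol=") for a in args):
                findings.append(
                    (num, f"{scheme} helper has no --helper-protocol= argument on this line"))
        elif not line[0].isalpha():
            # Assumption: directive lines start with a letter, so a leading
            # dash looks like an argument wrapped onto its own line.
            findings.append((num, "line does not start with a directive name"))
    return findings


if __name__ == "__main__":
    for num, msg in lint_auth_params(SAMPLE_CONF):
        print(f"line {num}: {msg}")
```

Run it against the real file with lint_auth_params(open("/etc/squid/squid.conf", encoding="utf-8").read()); that path is the usual CentOS location and is an assumption here.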