[squid-users] proxy ntlm-auth problems
Silvester Langen
silvester at familielangen.de
Thu Jan 17 09:51:42 UTC 2019
Hello squid users.
I have configured squid for ntlm authentication and it seems to work
well. All needed browsers (ff, ie, chrome) work and programs like
teamviewer or "heise register" do work too. But now I notice, that
other programs like Sage HR, Dakota, Sfirm and Elster have problems
with authentication.
With wireshark I see the following:
(Stage1) Browsers, Teamviewer, etc starting request to squid and
squid returns "407 Proxy Authentication Required".
(Stage2) After that the client begins a new request for negotiation
and sends the credentials. The connection works.
But...
(Stage1) Sage HR, Sfirm, etc. starts request to squid and squid
returns "407 Proxy Authentication Required".
After that the client begins a new request but the same without
credentials and negotiation. Of course, the proxy refuses the
connection again.
I have no idea why the client software doesn´t start stage2 and no
idea to find out why.
Here is my configuration for ntlm-auth:
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth
-d --ntlm /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=mydomain --kerberos
/usr/lib/squid3/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive off
acl auth proxy_auth REQUIRED
http_access allow auth
Thank you for helping me!#
Silvester
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190117/8c188441/attachment.html>
More information about the squid-users
mailing list