[squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

Thu Jul 13 14:29:36 UTC 2023

Hi Rafael,
  that code was moved to a RegisteredRunner in commit
09490bb867d0b3f00a29911a65c715108e95b782 .
I'm not sure why it is not working for you; what is the output of 'squid
-v' to get configure options?

Thanks,
  Francesco

On Thu, Jul 13, 2023 at 1:38 PM Rafael Akchurin <
rafael.akchurin at diladele.com> wrote:

> Good day everyone,
>
> We are now trying to move the configuration with was valid and working in
> Squid 5.7 to Squid 6.1 and hitting the following error:
> Unknown authentication scheme 'ntlm'
>
> The problem seem to be with the following configuration we use (output
> from squid -k parse).
>
> 023/07/13 13:34:04| Processing: auth_param ntlm program
> /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
> 2023/07/13 13:34:04| ERROR: Failure while parsing Config File: Unknown
> authentication scheme 'ntlm'.
> 2023/07/13 13:34:04| FATAL: Bungled
> /opt/websafety/etc/squid/authentication.conf line 231: auth_param ntlm
> program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
> 2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.
>
> Comparing the contents of squid-5.9/src/AuthReg.cc and
> squid-6.1/src/AuthReg.cc it seems the support for NTLM authentication was
> indeed removed from the codebase (see below).
>
> May I ask if the NTLM scheme is not needed at all now and we should
> continue using only Negotiate scheme (letting it handle the NTLM as usual)?
>
> Best regards,
> Rafael Akchurin
> Diladele B.V.
>
>
> In 5.0 the AuthReg.cc was
>
> /**
> * Initialize the authentication modules (if any)
> * This is required once, before any configuration actions are taken.
> */
> void
> Auth::Init()
> {
>     debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes
> ...");
> #if HAVE_AUTH_MODULE_BASIC
>     static const char *basic_type =
> Auth::Basic::Scheme::GetInstance()->type();
>     debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << basic_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_DIGEST
>     static const char *digest_type =
> Auth::Digest::Scheme::GetInstance()->type();
>     debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << digest_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_NEGOTIATE
>     static const char *negotiate_type =
> Auth::Negotiate::Scheme::GetInstance()->type();
>     debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << negotiate_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_NTLM
>     static const char *ntlm_type =
> Auth::Ntlm::Scheme::GetInstance()->type();
>     debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << ntlm_type << "'");
> #endif
>     debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
> }
>
>
> In 6.1 it is now
>
>
>
> /**
> * Initialize the authentication modules (if any)
> * This is required once, before any configuration actions are taken.
> */
> void
> Auth::Init()
> {
>     debugs(29, 2, "Initializing Authentication Schemes ...");
> #if HAVE_AUTH_MODULE_BASIC
>     static const char *basic_type =
> Auth::Basic::Scheme::GetInstance()->type();
>     debugs(29, 2, "Initialized Authentication Scheme '" << basic_type <<
> "'");
> #endif
> #if HAVE_AUTH_MODULE_DIGEST
>     static const char *digest_type =
> Auth::Digest::Scheme::GetInstance()->type();
>     debugs(29, 2, "Initialized Authentication Scheme '" << digest_type <<
> "'");
> #endif
> #if HAVE_AUTH_MODULE_NEGOTIATE
>     static const char *negotiate_type =
> Auth::Negotiate::Scheme::GetInstance()->type();
>     debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type
> << "'");
> #endif
> }
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

-- 
    Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230713/5fc0c84c/attachment.htm>