[squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized
Rafael Akchurin
rafael.akchurin at diladele.com
Thu Jul 13 11:38:39 UTC 2023
Good day everyone,
We are now trying to move the configuration with was valid and working in Squid 5.7 to Squid 6.1 and hitting the following error:
Unknown authentication scheme 'ntlm'
The problem seem to be with the following configuration we use (output from squid -k parse).
023/07/13 13:34:04| Processing: auth_param ntlm program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
2023/07/13 13:34:04| ERROR: Failure while parsing Config File: Unknown authentication scheme 'ntlm'.
2023/07/13 13:34:04| FATAL: Bungled /opt/websafety/etc/squid/authentication.conf line 231: auth_param ntlm program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.
Comparing the contents of squid-5.9/src/AuthReg.cc and squid-6.1/src/AuthReg.cc it seems the support for NTLM authentication was indeed removed from the codebase (see below).
May I ask if the NTLM scheme is not needed at all now and we should continue using only Negotiate scheme (letting it handle the NTLM as usual)?
Best regards,
Rafael Akchurin
Diladele B.V.
In 5.0 the AuthReg.cc was
/**
* Initialize the authentication modules (if any)
* This is required once, before any configuration actions are taken.
*/
void
Auth::Init()
{
debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << negotiate_type << "'");
#endif
#if HAVE_AUTH_MODULE_NTLM
static const char *ntlm_type = Auth::Ntlm::Scheme::GetInstance()->type();
debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << ntlm_type << "'");
#endif
debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
}
In 6.1 it is now
/**
* Initialize the authentication modules (if any)
* This is required once, before any configuration actions are taken.
*/
void
Auth::Init()
{
debugs(29, 2, "Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
debugs(29, 2, "Initialized Authentication Scheme '" << basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
debugs(29, 2, "Initialized Authentication Scheme '" << digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type << "'");
#endif
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 20765 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230713/bee8e520/attachment-0001.bin>
More information about the squid-users
mailing list