Re: [squid-users] NTLM and the dreaded popup

From: Peter Arnold <arnoldpj@dont-contact.us>
Date: Tue, 12 Mar 2002 20:33:55 +1000

Hi,
See comments below

Chemolli Francesco (USI) wrote:

>>Does anyone know how to get rid of the popup asking for
>>username/password/domain when using NTLM?
>>
>>I've tried to implement NTLM using 2.5pre3 and it works MOST
>>of the time
>>however every few minutes or so it keeps popping back.
>>
>>I've played with the parameters to extend them way beyond
>>reasonable eg
>>auth_param ntlm children 20
>>auth_param ntlm max_challenge_reuses 500
>>auth_param ntlm max_challenge_lifetime 10 minutes
>>
>>But this seems to make little difference...(do you need to
>>restart squid
>>as opposed to reload for param changes to take effect?)
>>
>>Any hints as to where I should look?
>>
>
> This depends on an inherent unreliability in the SMBSessSetup mechanism
> the NTLMSSP helper uses to authenticate. You either need

Is it a timeout issue? Is there anything network-wise that can help this?
Currently this box is on a 10Mb 1/2 Duplex switch while the
authentication is 2 switch hops away on a 10/100 Mb full duplex switch.

> the helper-fail-open option, or to try the winbind auth program

The helper fail option... is that the one included at compile time? How
does it work? Presumably if the NTLM helper fails, open access anyway?

> (look at http://devel.squid-cache.org/, tag "ntlm") which requires an
> alpha-level samba to run on the squid host.

Alpha or current? Winbind is included in the current distrib of samba.
I'm not really familiar with CVS but the pages under
http://devel.squid-cache.org/projects.html#ntlm seem to be a little out
of date

Apologies for more questions than answers :\

Cheers
peter Arnold

>
>
Received on Tue Mar 12 2002 - 03:30:09 MST
