Dear all,
I have a little problem trying to configure a fall back authentication
via negotiate_wrapper
Here is the squid configuration line:
auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth -d --helper-protocol=squid-2.5-ntlmssp
--domain=PREVIDOM --kerberos /usr/lib64/squid/squid_kerb_auth -d -s
HTTP/srvsquidproxy.previdom.previnet.it
The Kerberos auth runs very well, but, when negotiate_wrapper identifies
a type 1 NTLM token I get a NT_STATUS_NO_SUCH_USER in the cache.log.
The strange thing is that if I run ntlm_auth outside squid context I get
a successful auth.
/usr/bin/ntlm_auth --username=provaproxy --password=Pass1word
--domain=PREVIDOM
NT_STATUS_OK: Success (0x0)
Is it possible that negotiate_wrapper doesn't "understand" correctly
username & password from browser?
What is the correct username sintax to use in the login request?
user_at_fqdn or netbios domain\user or user without anything else? in my
case: provaproxy_at_previdom.previnet.it, previdom\provaproxy or provaproxy
without domain?
I'm using a precompiled 3.1.10 squid version on centos 6.4.
Thanks to all and sorry for my bad english
Received on Mon Oct 28 2013 - 15:16:32 MDT
This archive was generated by hypermail 2.2.0 : Thu Oct 31 2013 - 12:00:08 MDT