Re: [squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

2023-07-13 Thread Alex Rousskov

Please see if the following partial fix helps in your environment:

https://github.com/squid-cache/squid/commit/5596a2f4894f80864b660b035d05f5aec74f8312.patch

The fix has been posted for preliminary review as draft PR 1422:
https://github.com/squid-cache/squid/pull/1422


Thank you,

Alex.




Re: [squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

2023-07-13 Thread Rafael Akchurin
And the configure options are just those from Debian Unstable (I just added the 
--disable-optimizations to be able to debug in vscode):


./configure \
--with-build-environment=default \
--disable-optimizations \
--enable-build-info="ubuntu 22" \
--datadir=/usr/share/squid \
--sysconfdir=/etc/squid \
--libexecdir=/usr/lib/squid \
--mandir=/usr/share/man \
--enable-inline \
--disable-arch-native \
--enable-async-io=8 \
--enable-storeio="ufs,aufs,diskd,rock" \
--enable-removal-policies="lru,heap" \
--enable-delay-pools \
--enable-cache-digests \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \
--enable-auth-digest="file,LDAP" \
--enable-auth-negotiate="kerberos,wrapper" \
--enable-auth-ntlm="fake,SMB_LM" \
--enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group" \
--enable-security-cert-validators="fake" \
--enable-storeid-rewrite-helpers="file" \
--enable-url-rewrite-helpers="fake" \
--enable-eui \
--enable-esi \
--enable-icmp \
--enable-zph-qos \
--enable-ecap \
--disable-translation \
--with-swapdir=/var/spool/squid \
--with-logdir=/var/log/squid \
--with-pidfile=/run/squid.pid \
--with-filedescriptors=65536 \
--with-large-files \
--with-default-user=proxy \
--enable-linux-netfilter \
--with-systemd



-----Original Message-----
From: squid-users On Behalf Of Alex Rousskov
Sent: Thursday, July 13, 2023 5:02 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

On 7/13/23 10:29, Francesco Chemolli wrote:
> Hi Rafael,
>    that code was moved to a RegisteredRunner in commit
> 09490bb867d0b3f00a29911a65c715108e95b782 .
> I'm not sure why it is not working for you

That commit broke NTLM support in some environments because the linker in those 
environments does not add src/auth/ntlm/Scheme.cc code to squid executable. 
Linkers are allowed to drop modules that they think are unused. We will need to 
find a solution to that problem.

Alex.


> On Thu, Jul 13, 2023 at 1:38 PM Rafael Akchurin 
> mailto:rafael.akchu...@diladele.com>> wrote:
> 
> Good day everyone,
> 
> We are now trying to move the configuration which was valid and
> working in Squid 5.7 to Squid 6.1 and hitting the following error:
> Unknown authentication scheme 'ntlm'
>
> The problem seems to be with the following configuration we use
> (output from squid -k parse).
> 
> 023/07/13 13:34:04| Processing: auth_param ntlm program
> /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
> 2023/07/13 13:34:04| ERROR: Failure while parsing Config File:
> Unknown authentication scheme 'ntlm'.
> 2023/07/13 13:34:04| FATAL: Bungled
> /opt/websafety/etc/squid/authentication.conf line 231: auth_param
> ntlm program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan
> --dc1port=389
> 2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.
> 
> Comparing the contents of squid-5.9/src/AuthReg.cc and
> squid-6.1/src/AuthReg.cc it seems the support for NTLM
> authentication was indeed removed from the codebase (see below).
> 
> May I ask if the NTLM scheme is not needed at all now and we should
> continue using only Negotiate scheme (letting it handle the NTLM as
> usual)?
> 
> Best regards,
> Rafael Akchurin
> Diladele B.V.
> 
> 
> In 5.0 the AuthReg.cc was
> 
> /**
> * Initialize the authentication modules (if any)
> * This is required once, before any configuration actions are taken.
> */
> void
> Auth::Init()
> {
>      debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication
> Schemes ...");
> #if HAVE_AUTH_MODULE_BASIC
>      static const char *basic_type =
> Auth::Basic::Scheme::GetInstance()->type();
>      debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication
> Scheme '" << basic_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_DIGEST
>      static const char *digest_type =
> Auth::Digest::Scheme::GetInstance()->type();
>      debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication
> Scheme '" << digest_type << "'");
> #endif
>

Re: [squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

2023-07-13 Thread Alex Rousskov

On 7/13/23 10:29, Francesco Chemolli wrote:
> Hi Rafael,
>    that code was moved to a RegisteredRunner in commit
> 09490bb867d0b3f00a29911a65c715108e95b782 .
> I'm not sure why it is not working for you


That commit broke NTLM support in some environments because the linker 
in those environments does not add src/auth/ntlm/Scheme.cc code to squid 
executable. Linkers are allowed to drop modules that they think are 
unused. We will need to find a solution to that problem.


Alex.




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
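
The linker behaviour described in the message above, reduced to a stand-alone build (an added example, not part of the original thread and not Squid code): a module that registers itself from a static constructor is left out of the executable when it sits in a static archive and nothing references its symbols. The static-archive setup and every name used (registry.cc, ntlm.cc, libauth.a, add_scheme) are assumptions made for illustration, not a description of Squid's build or of the linked fix.

```shell
#!/bin/sh
# Added illustration, not Squid code: registry.cc, ntlm.cc, libauth.a and
# add_scheme() are hypothetical names. Needs c++, ar and a GNU-compatible ld.

link_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # The program and its scheme registry. Nothing here names a symbol
    # defined in ntlm.cc, so the linker sees no reason to need that module.
    cat > registry.cc <<'EOF'
#include <cstdio>
#include <cstring>
static const char *schemes[8];   // zero-initialized before any constructor runs
static int count;
void add_scheme(const char *name) { schemes[count++] = name; }
int main(int, char **argv) {
    for (int i = 0; i < count; ++i)
        if (std::strcmp(schemes[i], argv[1]) == 0) {
            std::printf("scheme '%s' recognized\n", argv[1]);
            return 0;
        }
    std::printf("Unknown authentication scheme '%s'\n", argv[1]);
    return 0;
}
EOF

    # The module registers itself from a static object's constructor,
    # which only runs if this object file ends up in the executable.
    cat > ntlm.cc <<'EOF'
void add_scheme(const char *);
namespace { struct Registrar { Registrar() { add_scheme("ntlm"); } } registrar; }
EOF

    c++ -c registry.cc ntlm.cc || exit 1
    ar rcs libauth.a ntlm.o || exit 1

    # 1. Archive member with no referenced symbol: silently left out.
    c++ -o plain registry.o libauth.a || exit 1
    # 2. Force every archive member into the link.
    c++ -o whole registry.o -Wl,--whole-archive libauth.a -Wl,--no-whole-archive || exit 1
    # 3. Object files named on the command line are always linked.
    c++ -o direct registry.o ntlm.o || exit 1

    for variant in plain whole direct; do
        printf '%s: %s\n' "$variant" "$(./"$variant" ntlm)"
    done
)

link_demo
```

Only the `plain` binary reports the scheme as unknown; all three builds compile and link without any warning, which is why the loss shows up only when the configuration is parsed.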


Re: [squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

2023-07-13 Thread Francesco Chemolli
Hi Rafael,
  that code was moved to a RegisteredRunner in commit
09490bb867d0b3f00a29911a65c715108e95b782 .
I'm not sure why it is not working for you; what is the output of 'squid
-v' to get configure options?

Thanks,
  Francesco

On Thu, Jul 13, 2023 at 1:38 PM Rafael Akchurin <
rafael.akchu...@diladele.com> wrote:

> Good day everyone,
>
> We are now trying to move the configuration which was valid and working in
> Squid 5.7 to Squid 6.1 and hitting the following error:
> Unknown authentication scheme 'ntlm'
>
> The problem seems to be with the following configuration we use (output
> from squid -k parse).
>
> 023/07/13 13:34:04| Processing: auth_param ntlm program
> /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
> 2023/07/13 13:34:04| ERROR: Failure while parsing Config File: Unknown
> authentication scheme 'ntlm'.
> 2023/07/13 13:34:04| FATAL: Bungled
> /opt/websafety/etc/squid/authentication.conf line 231: auth_param ntlm
> program /opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
> 2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.
>
> Comparing the contents of squid-5.9/src/AuthReg.cc and
> squid-6.1/src/AuthReg.cc it seems the support for NTLM authentication was
> indeed removed from the codebase (see below).
>
> May I ask if the NTLM scheme is not needed at all now and we should
> continue using only Negotiate scheme (letting it handle the NTLM as usual)?
>
> Best regards,
> Rafael Akchurin
> Diladele B.V.
>
>
> In 5.0 the AuthReg.cc was
>
> /**
> * Initialize the authentication modules (if any)
> * This is required once, before any configuration actions are taken.
> */
> void
> Auth::Init()
> {
> debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes
> ...");
> #if HAVE_AUTH_MODULE_BASIC
> static const char *basic_type =
> Auth::Basic::Scheme::GetInstance()->type();
> debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << basic_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_DIGEST
> static const char *digest_type =
> Auth::Digest::Scheme::GetInstance()->type();
> debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << digest_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_NEGOTIATE
> static const char *negotiate_type =
> Auth::Negotiate::Scheme::GetInstance()->type();
> debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << negotiate_type << "'");
> #endif
> #if HAVE_AUTH_MODULE_NTLM
> static const char *ntlm_type =
> Auth::Ntlm::Scheme::GetInstance()->type();
> debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '"
> << ntlm_type << "'");
> #endif
> debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
> }
>
>
> In 6.1 it is now
>
>
>
> /**
> * Initialize the authentication modules (if any)
> * This is required once, before any configuration actions are taken.
> */
> void
> Auth::Init()
> {
> debugs(29, 2, "Initializing Authentication Schemes ...");
> #if HAVE_AUTH_MODULE_BASIC
> static const char *basic_type =
> Auth::Basic::Scheme::GetInstance()->type();
> debugs(29, 2, "Initialized Authentication Scheme '" << basic_type <<
> "'");
> #endif
> #if HAVE_AUTH_MODULE_DIGEST
> static const char *digest_type =
> Auth::Digest::Scheme::GetInstance()->type();
> debugs(29, 2, "Initialized Authentication Scheme '" << digest_type <<
> "'");
> #endif
> #if HAVE_AUTH_MODULE_NEGOTIATE
> static const char *negotiate_type =
> Auth::Negotiate::Scheme::GetInstance()->type();
> debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type
> << "'");
> #endif
> }
>


-- 
Francesco


[squid-users] squid 6.1 - auth scheme 'ntlm' is not recognized

2023-07-13 Thread Rafael Akchurin
Good day everyone,

We are now trying to move the configuration which was valid and working in Squid 
5.7 to Squid 6.1 and hitting the following error:
Unknown authentication scheme 'ntlm'

The problem seems to be with the following configuration we use (output from 
squid -k parse).

023/07/13 13:34:04| Processing: auth_param ntlm program 
/opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
2023/07/13 13:34:04| ERROR: Failure while parsing Config File: Unknown 
authentication scheme 'ntlm'.
2023/07/13 13:34:04| FATAL: Bungled 
/opt/websafety/etc/squid/authentication.conf line 231: auth_param ntlm program 
/opt/websafety/bin/wsauth --dc1addr=dc1.diladele.lan --dc1port=389
2023/07/13 13:34:04| Squid Cache (Version 6.1): Terminated abnormally.

Comparing the contents of squid-5.9/src/AuthReg.cc and squid-6.1/src/AuthReg.cc 
it seems the support for NTLM authentication was indeed removed from the 
codebase (see below).

May I ask if the NTLM scheme is not needed at all now and we should continue 
using only Negotiate scheme (letting it handle the NTLM as usual)?

Best regards,
Rafael Akchurin
Diladele B.V.


In 5.0 the AuthReg.cc was

/**
 * Initialize the authentication modules (if any)
 * This is required once, before any configuration actions are taken.
 */
void
Auth::Init()
{
    debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
    static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
    static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
    static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << negotiate_type << "'");
#endif
#if HAVE_AUTH_MODULE_NTLM
    static const char *ntlm_type = Auth::Ntlm::Scheme::GetInstance()->type();
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << ntlm_type << "'");
#endif
    debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
}


In 6.1 it is now



/**
 * Initialize the authentication modules (if any)
 * This is required once, before any configuration actions are taken.
 */
void
Auth::Init()
{
    debugs(29, 2, "Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
    static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
    debugs(29, 2, "Initialized Authentication Scheme '" << basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
    static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
    debugs(29, 2, "Initialized Authentication Scheme '" << digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
    static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
    debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type << "'");
#endif
}