On 15/07/11 13:47, Daniel Faulknor wrote:
Hi,
I've followed the
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
howto, and I am now getting this error in my cache.log
2011/07/15 12:13:45| squid_kerb_auth: WARNING: received type 1 NTLM token
2011/07/15 12:13:45| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'
2011/07/15 12:13:54| squid_kerb_auth: DEBUG: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid
(length: 59).
2011/07/15 12:13:54| squid_kerb_auth: DEBUG: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded
length: 40).
2011/07/15 12:13:54| squid_kerb_auth: WARNING: received type 1 NTLM token
2011/07/15 12:13:54| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'
This happens both when trying to access via the proxy using IE/Chrome/Firefox
None of my googling as presented a solution
Thanks
Squid is offering Negotiate/Kerberos auth and the agents are responding
with NTLM or Negotiate/NTLM.
Markus Moeller wrote a negotiate_wrapper helper that works nicely to
cope with Negotiate/NTLM responses. There is nothing we can do about the
other broken agents which return plain NTLM though.
The wrapper helper can be found at:
http://sourceforge.net/projects/squidkerbauth/files/
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.9