Upgrading to Squid 2.6 and NTLM authentication issues

Upgrading to Squid 2.6 and NTLM authentication issues

David Gameau
We've recently rolled out Squid 2.6STABLE13, from 2.5STABLE12,
and are having an issue with NTLM authentication.
Several applications have stopped authenticating correctly since
this upgrade.  They used to do Basic authentication in the past,
but now it appears that they are attempting to do NTLM
authentication.

One site, for example, where we're seeing this behaviour is
  http://www.poems.com.sg/
Accessing this via a Squid 2.5 proxy prompts for Basic authentication,
while a Squid 2.6 triggers an NTLM authentication dialog box
(which doesn't work).

Both installs are using Samba 3.0.25a (with winbind) to support
NTLM authentication against Active Directory.

A large percentage of the errant applications seem to be using
some version of Java, but we have also had issues raised with
applications like Yahoo Messenger.

Our squid.conf's auth configuration:
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 6
auth_param basic realm Internet Access (via your Windows Username and Password - without the Domain name)
auth_param basic credentialsttl 2 hours

What should we be looking at to better diagnose this problem?

Thanks,
David.
__

David Gameau
ISTS - Systems Infrastructure
University of South Australia

email: [hidden email]
phone: +61 8 302 3533
fax:   +61 8 302 5800

Disclaimer: "His brain sometimes stops working." - Chiyo, Azumange Daoih

Re: Upgrading to Squid 2.6 and NTLM authentication issues

Adrian Chadd
On Thu, Jun 07, 2007, David Gameau wrote:
> We've recently rolled out Squid 2.6STABLE13, from 2.5STABLE12,
> and are having an issue with NTLM authentication.
> Several applications have stopped authenticating correctly since
> this upgrade.  They used to do Basic authentication in the past,
> but now it appears that they are attempting to do NTLM
> authentication.

This isn't a new problem - many people have reported issues with NTLM
through various applications, including Java applications.

Would you be willing to take some packet captures of the successful
and failed requests and create a bugzilla ticket with all the relevant
information?

Thanks!




Adrian
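
To go with the packet captures requested above, here is one way to line up the proxy-authentication exchange in each capture (an added example, not part of the original thread and not Squid's own code). It lists the Proxy-Authenticate and Proxy-Authorization headers in order and names each NTLM message, so the successful and failed traces can be compared step by step. The sample capture text, the `example.invalid` URL and the helper names are constructed for illustration.

```python
import base64
import re
import struct

NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}
AUTH_HEADER = re.compile(
    r"^(Proxy-Authenticate|Proxy-Authorization):[ \t]*(\S+)[ \t]*(.*)$",
    re.IGNORECASE | re.MULTILINE,
)

def ntlm_message_type(token):
    """Return the NTLMSSP message name for a base64 token, or None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return NTLM_TYPES.get(struct.unpack("<I", raw[8:12])[0], "unknown")

def auth_steps(capture_text):
    """List (header, scheme, detail) for each proxy-auth header, in order."""
    steps = []
    for header, scheme, rest in AUTH_HEADER.findall(capture_text):
        rest = rest.strip()
        if scheme.upper() == "NTLM":
            # A bare "NTLM" is the proxy offering the scheme, not a message.
            detail = ntlm_message_type(rest) if rest else "offer"
        elif scheme.upper() == "BASIC" and header.lower().endswith("authorization"):
            detail = "credentials"  # never echo the decoded user:password
        else:
            detail = rest
        steps.append((header.title(), scheme, detail))
    return steps

def _token(msg_type):
    # Constructed NTLMSSP header only (signature + type), no real payload.
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type)).decode()

# Constructed sample: HTTP headers as exported to text from a capture.
SAMPLE = "\r\n".join([
    "GET http://example.invalid/ HTTP/1.0", "",
    "HTTP/1.0 407 Proxy Authentication Required",
    "Proxy-Authenticate: NTLM",
    'Proxy-Authenticate: Basic realm="proxy"', "",
    "GET http://example.invalid/ HTTP/1.0",
    "Proxy-Authorization: NTLM " + _token(1), "",
    "HTTP/1.0 407 Proxy Authentication Required",
    "Proxy-Authenticate: NTLM " + _token(2), "",
])

if __name__ == "__main__":
    for step in auth_steps(SAMPLE):
        print(step)
```

Running it over the text of both captures shows which schemes each proxy offers and at which NTLM message the failing client stops.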