Upgrading to Squid 2.6 and NTLM authentication issues
We've recently rolled out Squid 2.6STABLE13, from 2.5STABLE12,
and are having an issue with NTLM authentication.
Several applications have stopped authenticating correctly since
this upgrade. They used to do Basic authentication in the past,
but now it appears that they are attempting to do NTLM
One site, for example, where we're seeing this behaviour is
http://www.poems.com.sg/ Accessing this via a Squid 2.5 proxy prompts for Basic authetication,
while a Squid 2.6 triggers an NTLM authentication dialog box
(which doesn't work).
Both installs are using Samba 3.0.25a (with winbind) to support
NTLM authentication against Active Directory.
A large percentage of the errant applications seem to be using
some version of Java, but we have also had issues raised with
applications like Yahoo Messenger.
Our squid.conf's auth configuration:
auth_param ntlm program /usr/local/bin/ntlm_auth
auth_param ntlm children 100
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth
auth_param basic children 6
auth_param basic realm Internet Access (via your Windows Username and
Password - without the Domain name)
auth_param basic credentialsttl 2 hours
What should we be looking at to better diagnose this problem?
ISTS - Systems Infrastructure
University of South Australia
Re: Upgrading to Squid 2.6 and NTLM authentication issues
On Thu, Jun 07, 2007, David Gameau wrote:
> We've recently rolled out Squid 2.6STABLE13, from 2.5STABLE12,
> and are having an issue with NTLM authentication.
> Several applications have stopped authenticating correctly since
> this upgrade. They used to do Basic authentication in the past,
> but now it appears that they are attempting to do NTLM
This isn't a new problem - many people have reported issues with NTLM
through various applications, including Java applications.
Would you be willing to take some packet captures of the successful
and failed requests and create a bugzilla ticket with all the relevant