Squid error validating user via ntlm

29-Nov-2018 08:04

The used proxy is the latest Squid 2 using a simple fake authentication. If necessary I can provide their configuration files in order to reproduce the error.Does it behave differently when setting CURLAUTH_NTLM (no probing)? What's the auth methods offered by the proxy (paste -v output)? Yes, using CURLAUTH_ANY is essential to reproduce the error. libcurl sends the plain CONNECT request over and over although the proxy response always contains the header In order to reproduce the error it is essential that libcurl succeeds to connect to the proxy once beforehand.-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As part of the effort to make it possible to test kerb_auth helpers and related issues that was reported in the users list I have built a testing environment.The testing environment structure: - - The realm\domain: LOCAL.This allows Squid to log usernames in the Squid access logs and allows only users with remaining Internet Quota access to the Internet.(If you would prefer to run Squid on Windows, then read our article Installing and configuring Squid NT.A forma como essa autenticao vai ser negociada o que define sua segurana, eficincia e compatibilidade.Cabe ao responsvel decidir a melhor forma a ser utilizada.

Ela pode ser implementada com diversos helpers, por exemplo pam, httpd, ldap, nsca etc.

LAN - - 192.1 = windows 8 user in the domain elicro - - 192.168.11.1(master.local.lan) = windows server 2012r2, dns, AD - - 192.1(proxy1.local.lan) = Cent OS 6.6, GW, squid I am unsure about the details but as I understood from the MS nice sysadmin somewhere in a chat it's very simple to implement.

He explained to me that I only need a basic domain AD(which must have a DNS) and a basic user. id=4129 I responded with an article link: (I have not used the group external_acl just the auth) Which demonstrates how to make it work with WS 2008r2.

The proxy authentication type is set to CURLAUTH_ANY.

The following steps are necessary in order to reproduce the problem: curl_easy_setopt(curl, CURLOPT_PROXY, proxy_ip); curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxy_port); curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, proxy_userpwd); curl_easy_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_ANY); curl_easy_setopt(curl, CURLOPT_CAINFO, ca_cert); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); curl_easy_setopt(curl, CURLOPT_DEBUGDATA, stderr); curl_easy_setopt(curl, CURLOPT_URL, "https://.

Ela pode ser implementada com diversos helpers, por exemplo pam, httpd, ldap, nsca etc.

LAN - - 192.1 = windows 8 user in the domain elicro - - 192.168.11.1(master.local.lan) = windows server 2012r2, dns, AD - - 192.1(proxy1.local.lan) = Cent OS 6.6, GW, squid I am unsure about the details but as I understood from the MS nice sysadmin somewhere in a chat it's very simple to implement.

He explained to me that I only need a basic domain AD(which must have a DNS) and a basic user. id=4129 I responded with an article link: (I have not used the group external_acl just the auth) Which demonstrates how to make it work with WS 2008r2.

The proxy authentication type is set to CURLAUTH_ANY.

The following steps are necessary in order to reproduce the problem: curl_easy_setopt(curl, CURLOPT_PROXY, proxy_ip); curl_easy_setopt(curl, CURLOPT_PROXYPORT, proxy_port); curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, proxy_userpwd); curl_easy_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_ANY); curl_easy_setopt(curl, CURLOPT_CAINFO, ca_cert); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); curl_easy_setopt(curl, CURLOPT_DEBUGDATA, stderr); curl_easy_setopt(curl, CURLOPT_URL, "https://.

Which indicates the browser is trying to negotiate NTLM (which is unsupported by Nethserver's Squid as of Netherver 7.x) instead of Kerberos.