NTLM Auth on e2guardian 5.1.1
528 views
Skip to first unread message
Roberto Resoli
Jul 30, 2018, 12:30:05 PM7/30/18
to e2gua...@googlegroups.com
Hello,
It's my first post to this list, so please be patient :-)
I'm trying to setup ntlm authentication on debian stretch, with stock
squid (3.5.23) and last e2guardian 5.1.1 from github releases debian
stretch package (e2guardian_debian_stretch_package.deb).
I have configured authentication on squid as follows:
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=(redacted)
auth_param ntlm children 1500
auth_param ntlm keep_alive on
## NTLM - basic
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 300
auth_param basic realm (redacted realm prompt)
auth_param basic credentialsttl 2 hours
Authentication works correctly if I contact squid directly, but when I
enable auth plugins in /etc/e2guardian/e2guardian.conf:
authplugin = '/etc/e2guardian/authplugins/proxy-ntlm.conf'
authplugin = '/etc/e2guardian/authplugins/proxy-basic.conf'
the browser prompts for authentication, and after providing credentials
sits waiting forever for a response.
The strange thing is that if move the 2 plugins configuration into
/etc/e2guardian/e2guardianf1.conf
the authentication is prompted 2 times (one for squid-2.5-ntlmssp, one
for squid-2.5-basic) and then works, even if no username is reported in
e2guardian access.log.
I am testing with a browser not ntlm enabled, so I expect the double prompt.
This configuration worked for years with dansguardian+squid
Any hint?
Thanks,
rob
It's my first post to this list, so please be patient :-)
I'm trying to setup ntlm authentication on debian stretch, with stock
squid (3.5.23) and last e2guardian 5.1.1 from github releases debian
stretch package (e2guardian_debian_stretch_package.deb).
I have configured authentication on squid as follows:
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=(redacted)
auth_param ntlm children 1500
auth_param ntlm keep_alive on
## NTLM - basic
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 300
auth_param basic realm (redacted realm prompt)
auth_param basic credentialsttl 2 hours
Authentication works correctly if I contact squid directly, but when I
enable auth plugins in /etc/e2guardian/e2guardian.conf:
authplugin = '/etc/e2guardian/authplugins/proxy-ntlm.conf'
authplugin = '/etc/e2guardian/authplugins/proxy-basic.conf'
the browser prompts for authentication, and after providing credentials
sits waiting forever for a response.
The strange thing is that if move the 2 plugins configuration into
/etc/e2guardian/e2guardianf1.conf
the authentication is prompted 2 times (one for squid-2.5-ntlmssp, one
for squid-2.5-basic) and then works, even if no username is reported in
e2guardian access.log.
I am testing with a browser not ntlm enabled, so I expect the double prompt.
This configuration worked for years with dansguardian+squid
Any hint?
Thanks,
rob
FredB
Jul 30, 2018, 1:51:05 PM7/30/18
to e2gua...@googlegroups.com
Yes there is a ticket on GitHub, seems ntlm is broken now
--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
Reply all
Reply to author
Forward
0 new messages