Re: [squid-users] auth issue with chrome

From: Nick Cairncross <Nick.Cairncross_at_condenast.co.uk>
Date: Sat, 3 Jul 2010 19:51:33 +0100

Benedikt,

NTLM should be working for Chrome. What does cache.log say. You could
also try to use Kerberos for your Firefox clients and then NTLM for
Chrome. Placing the helpers in that order (Kerberos first, then NTLM)
would allow you to use both -that's what I use. Then you could bin
basic auth all together (unless you still want it for, say, Opera).

At the moment the squid_kerb_auth helper isn't wrapped up with NTLM,
although it would be nice to have - hint hint to the developers :)

On 3 Jul 2010, at 17:56, "b1" <forum_at_b1online.de> wrote:

> Hello altogether
>
> As the topic indicates I have a problem with google chrome
> authenticating against a windows server 2008 aktive directory.
> Firefox,
> for example works fine.
>
> These are the authentication lines I have in my squid.conf:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 10
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy server, using basic
> auth_param basic credentialsttl 2 hours
>
> I assume the problem is having ntlm at first position. Google chrome
> tries to supply my credentials via ntlm, which fails. However unlike
> firefox it is not offering the basic scheme after canceling the login
> dialog. Therefore all users with google chrome can`t use the proxy.
>
> Do you have any ideas of how to adress this problem, aside from using
> basic as standard authentication scheme (which I would like to avoid
> due
> to the unencrypted passwords)???
>
> If you need any additional information I am happy to provide it.
>
> Thanks in advance
>
> Benedikt
>

The information contained in this e-mail is of a confidential nature and is intended only for the addressee. If you are not the intended addressee, any disclosure, copying or distribution by you is prohibited and may be unlawful. Disclosure to any party other than the addressee, whether inadvertent or otherwise, is not intended to waive privilege or confidentiality. Internet communications are not secure and therefore Conde Nast does not accept legal responsibility for the contents of this message. Any views or opinions expressed are those of the author.

The Conde Nast Publications Ltd (No. 226900), Vogue House, Hanover Square, London W1S 1JU
Received on Sat Jul 03 2010 - 18:51:27 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 05 2010 - 12:00:05 MDT