Hallo @juraj,
Welcome to the IPFire community.
I just tried out setting the authentications with the web proxy on my vm testbed.
I presume that you have samba installed as ntlm-auth only seems to be used when that is installed. Then Windows Active Directory becomes one of the Authentication options on the web proxy page.
So I installed samba and then selected Windows Active Directory for the authentication and then pressed the “Save and Restart” button.
I did not get any error message at this stage. Looking in the squid.conf file there was both a
auth_param basic credentialsttl xx minutes
and a
auth_param ntlm credentialsttl xx minutes
line in the file.
Looking in the proxy.cgi file this is what the code is written to actually do.
At what point do you get the error message?
Looking back through the commits to proxy.cgi the inclusion of
auth_param ntlm credentialsttl xx minutes
into the ntlm auth section occurred around the beginning of 2019, although I cannot find the actual commit making the change.
For many of the other options squid ignores them if they are used in a context that is not correct. If the credentialsttl does not fall into that category and creates an error then this may be a bug in the cgi code that has been there since the start of 2019. Maybe there are not many people using the Windows Active Directory authentication option with Samba so it has not been found till now.
It would be good to know at which stage of the authentication setup or operation that you got the error message and was it on the Web Proxy cgi page or somewhere else.
If it is a bug then it would be good for you to raise this in the IPFire Bugzilla. Your IPFire People email address and password credentials will work to authenticate you in the IPFire Bugzilla.
https://wiki.ipfire.org/devel/bugzilla
https://bugzilla.ipfire.org/