I can't acomplish this scenary to work.
I have Salt-Master version 3006.7 on Ubuntu 22, and minions running on Windows behind a Squid Proxy using NTLMv2 Authentication integrated with Active Directory. The minios are running version 3006.6
In a example, trying to install Video Lan VLC (pkg.install vlc).
The response is always the same:
File "C:\Program Files\Salt Project\Salt\lib\http\client.py", line 925, in _tunnel raise OSError(f"Tunnel connection failed: {code} {message.strip()}") OSError: Tunnel connection failed: 407 Proxy Authentication Required . . . . File "C:\Program Files\Salt Project\Salt\lib\site-packages\urllib3\util\retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='get.videolan.org', port=443): Max retries exceeded with url: /vlc/3.0.18/win64/vlc-3.0.18-win64.exe (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 407 Proxy Authentication Required')))
Perhaps the "tornado" component, or python http client is not supporting NTLM???
Any sugestion???....may be using "pillar" files???
I tryed several scenaries:
- Using salt.states.proxy (https://docs.saltproject.io/en/latest/ref/states/all/salt.states.proxy.html)
- Using state file with "proxy.managed", name, port, user, password configured.
- Using state file with "proxy:", "environ.setenv", "HTTP_PROXY".
- Setting proxy parameters into "C:\ProgramData\Salt Project\Salt\conf\minion" including "proxy_username" and "proxy_ password"
- Configuring "Log On" with AD user in the windows service "salt-minion"
I also try to setup username using several syntaxs: "domain\username", "domain\username" and "username" without domain portion.
Obviously, the spected result is that the minion starts to download the installer using Squid Proxy with those ceredentials and then execute the installation.