Re: [squid-users] unexpected state in AuthenticateNTLMFixErrorHea der (squid crash)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Wed, 2 May 2001 07:48:46 +1000

We've got the same bug in ~4 sites now. I'd like to say I've got no clue
buts that would be lieing. I've got a suspicion that some got is getting
confused and logging out the user when a password prompt is seen from
the outside world. This obviously shouldn't be happening.

Boris. There is some code to prevent some possible reasons for this in
the ntlm branch, please get that branch from cvs and compile with
EXTRA_DEBUG and install it. Then zap your cache.log

set debug to 28,9 29,9 33,5 and send a minimal session to me please.
You may want to to alter the NTLM hashes a little, but the sequenece
leading up to AABAA/AACAA/AADAA mut not be changed as that is our ID
field. (I'm not going to doing anything dodgy with the hashs, but it's
your call :]

Rob

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Boris Segal" <BORISSE@Amdocs.com>
Cc: <squid-dev@squid-cache.org>
Sent: Wednesday, May 02, 2001 2:06 AM
Subject: Re: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea der (squid crash)

> Sounds like a bug in the NTLM code.
>
> Boris: Which date is this 2.5 version from (you seem to be using a
> version downloaded via CVS, not a snapshot version. The snapshot
> versions include the snapshot date in the version string).
>
> Robert: Any comment on what might be causing this?
>
> --
> Henrik
>
>
> Boris Segal wrote:
> >
> > Hi Henrik
> >
> > We are using squid proxy (Version 2.5) on Solaris 2.8 X86 platform.
> > the squid run with NTLM authentication mode for internal users
> > authentication - this works fine.
> > But, When trying to access web sites that require user
Authentication
> > (proxiing Basic Authentication) we failed.
> > site for example: http://www.baker.edu/administration/ininfo/
> > we get : The page cannot be displayed error page
> > when not using the NTLM Authentication on the proxy we manage to get
to
> > those sites.
> > (https sites and sites that run a cgi authentication works fine
also - the
> > problem exist only when the other side require
> > In the squid debug log we get :
> >
> > 2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
> > 2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
> > 2001/03/18 12:13:03| WARNING: Closing open FD 17
> > 2001/03/18 12:13:03| Finished. Wrote 20005 entries.
> > 2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
> > FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
> > Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
> > It seems that squid doing a restart to himself during this problem,
that's
> > why we get the error : the page can't be displayed.
> >
> > Have You Any idea ?
> >
> > Thank you,
> >
> > Boris Segal
> >
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> > Sent: Tuesday, May 01, 2001 4:13 PM
> > To: Garner, Robin
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea
> > der (squid crash)
> >
> > Garner, Robin wrote:
> > >
> > > The other problem is that you can't access some Internet sites
that
> > > require authorization - the proxy doesn't seem to proxy the
> > > authorization request. I'm not sure what authentication methods
are
> > > affected.
> >
> > NTLM authentication cannot be proxied due to a design flaw by MS in
NTLM
> > authentication.
> >
> > Basic and Digest authentication should be proxied fine, and should
also
> > work fine even if you are using NTLM authentication to authenticate
to
> > the proxy.
> >
> > --
> > Henrik Nordstrom
> > Squid Hacker
>
>
Received on Tue May 01 2001 - 15:51:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:58 MST