Hi Amos,
Could you let me know what are valid respones from the negotiate helper
compared to ntlm helper ? It seems I have to translate them.
Thank you
Markus
"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:ilcv9m$kra$1_at_dough.gmane.org...
> Hi Amos,
>
> When I use my wrapper I had to modify the samba ntlm_auth helper to
> return another AF string. I run 3.0.STABLE25 and
> /usr/bin/ntlm_auth -V
> Version 3.5.4-2489-SUSE-SL11.3
>
>
> FATAL: authenticateNegotiateHandleReply: *** Unsupported helper response
> ***, 'AF WIN2003R2\administrator'
>
> Would it be possible that the Negotiate reply handler accepts both formats
> ? I used
>
> auth_param negotiate program /usr/sbin/negotiate_wrapper -d --ntlm
> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
> /usr/sbin/squid_kerb_auth -d -s GSS_C_NO_NAME
>
>
> Thank you
> Markus
>
>
> 2011/03/10 22:44:34| negotiate_wrapper: Got 'YR
> TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==' from squid
> (length: 59).
> 2011/03/10 22:44:34| negotiate_wrapper: Decode
> 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==' (decoded
> length: 40).
> 2011/03/10 22:44:34| negotiate_wrapper: received type 1 NTLM token
> 2011/03/10 22:44:34| negotiate_wrapper: Got 'KK
> TlRMTVNTUAADAAAAGAAYAIAAAAAYABgAmAAAABIAEgBIAAAAGgAaAFoAAAAMAAwAdAAAAAAAAACwAAAABYKIogUCzg4AAAAPVwBJAE4AMgAwADAAMwBSADIAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBXADIASwAzAFIAMgCkBlG0MZTzRwAAAAAAAAAAAAAAAAAAAABFkwULOmCaiWNR/69aXr44O8ZJJ/pEwzE='
> from squid (length: 239).
> 2011/03/10 22:44:34| negotiate_wrapper: Decode
> 'TlRMTVNTUAADAAAAGAAYAIAAAAAYABgAmAAAABIAEgBIAAAAGgAaAFoAAAAMAAwAdAAAAAAAAACwAAAABYKIogUCzg4AAAAPVwBJAE4AMgAwADAAMwBSADIAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBXADIASwAzAFIAMgCkBlG0MZTzRwAAAAAAAAAAAAAAAAAAAABFkwULOmCaiWNR/69aXr44O8ZJJ/pEwzE='
> (decoded length: 176).
> 2011/03/10 22:44:34| negotiate_wrapper: received type 3 NTLM token
> 2011/03/10 22:44:35| storeDirWriteCleanLogs: Starting...
> 2011/03/10 22:44:35| WARNING: Closing open FD 25
> 2011/03/10 22:44:35| Finished. Wrote 2747 entries.
> 2011/03/10 22:44:35| Took 0.00 seconds (1852326.37 entries/sec).
> FATAL: authenticateNegotiateHandleReply: *** Unsupported helper response
> ***, 'AF WIN2003R2\administrator'
>
> Squid Cache (Version 3.0.STABLE25): Terminated abnormally.
> CPU Usage: 0.225 seconds = 0.017 user + 0.208 sys
> Maximum Resident Size: 39392 KB
> Page faults with physical i/o: 0
> Memory usage for squid via mallinfo():
> total space in arena: 3244 KB
> Ordinary blocks: 3163 KB 7 blks
> Small blocks: 0 KB 0 blks
> Holding blocks: 3664 KB 13 blks
> Free Small blocks: 0 KB
> Free Ordinary blocks: 80 KB
> Total in use: 6827 KB 210%
> Total free: 80 KB 2%
> 2011/03/10 22:44:38| Starting Squid Cache version 3.0.STABLE25 for
> i686-suse-linux-gnu...
>
>
>
> "Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
> news:4C651EB3.6020604_at_treenet.co.nz...
>> Markus Moeller wrote:
>>>
>>> "Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
>>> news:4C5187D2.5010203_at_treenet.co.nz...
>>>> Markus Moeller wrote:
>>>>> Hi Amos,
>>>
>>> Hi Amos
>>>
>>>>>
>>>>> How does your time look like now ?
>>>>>
>>>>> Regards
>>>>> Markus
>>>>>
>>>>
>>>> Looks passable. I have not had time for a detailed view of the logics.
>>>> I'll commit this tomorrow with a name tweak, the naming scheme has been
>>>> through the external acl helpers too now. I'll just tack ext_ on the
>>>> front and _acl on the back of the existing binary name and update the
>>>> docs to match.
>>>>
>>>> One thing that worries me still is the RUN_IFELSE autoconf macros still
>>>> being added to configure.in. I'm sure there is a macro that checked for
>>>> defined values of things inside headers without running stuff. If you
>>>> can try and find that it would be great not to have to run anything on
>>>> build.
>>>>
>>>
>>> I have 4 RUN_IFELSE.
>>>
>>> The first is to check to check that ldap works with the provided
>>> libraries. Is that unusual ? Any other suggestion how to check ?
>>
>> Um, okay. Thats reasonable on build. Duplicating at run-time may also be
>> useful since the particular run-time libraries are not always the ones
>> built against.
>>
>>> The other three are to determine the LDAP vendor, which is a define
>>> statement in one of the ldap header files and as it is a string in a
>>> define I can not use any header grep nor proprocessor checks ( at least
>>> I do not know of any).
>>
>> Nasty. Oh well.
>>
>>
>> Okay. Have applied to Squid-3.HEAD with the extra ext_*_acl bits on the
>> binary name and docs for the current naming style.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or 3.1.6
>> Beta testers wanted for 3.2.0.1
>>
>
>
>
Received on Fri Mar 11 2011 - 12:13:08 MST
This archive was generated by hypermail 2.2.0 : Sat Mar 12 2011 - 12:00:03 MST