Re: Problem authenticating with Negotiate-NTLM from Markus Moeller on 2011-03-20 (squid-dev)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sun, 20 Mar 2011 18:42:04 -0000

I did some further tests and noticed the following:

1) IE with squid 3.0 works using my wrapper (See ie-nego-3.0.tgz)
2) Polygraph with squid 3.0 fails for ntlm (either via negotiate-ntlm or
pure ntlm) ( See polygraph-4.3.1-3.0.tgz
3) Polygraph with squid 3.2 works for ntlm but fails negotiate-ntlm (See
polygraph-4.3.1-3.2.tgz)

Markus

"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:im4v3n$374$1_at_dough.gmane.org...
> Hi,
>
> I try to use my negotiate-wrapper with auth_ntlm and squid-3.2 and see
> that the helper returns TT ... and squid logs
>
> 2011/03/20 13:08:19.544 kid1| negotiate/negotiateUserRequest.cc(201)
> authenticate: need to challenge client
> 'TlRMTVNTUAACAAAAEgASADAAAAAFgomivxsqHXpxr1kAAAAAAAAAAHQAdABCAAAAVwBJAE4AMgAwADAAMwBSADIAAgASAFcASQBOADIAMAAwADMAUgAyAAEAFABPAFAARQBOAFMAVQBTAEUAMQAxAAQAEgBzAHUAcwBlAC4AaABvAG0AZQADACgAbwBwAGUAbgBzAHUAcwBlADEAMQAuAHMAdQBzAGUALgBoAG8AbQBlAAAAAAA='!
>
> but in the wireshark log I don't see a proxy-authenticate header line to
> challenge the client. What could be the reason ?
>
> When I switch to Negotiate-Kerberos everything works.
>
> Attached are the config and log files.
>
> Markus
>
>

application/x-compressed attachment: ie-nego-3.0.tgz

application/x-compressed attachment: polygraph-4.3.1-3.0.tgz

application/x-compressed attachment: polygraph-4.3.1-3.2.tgz

Received on Sun Mar 20 2011 - 18:47:21 MDT

This archive was generated by hypermail 2.2.0 : Sun Mar 27 2011 - 12:00:05 MDT