Re: Problem authenticating with Negotiate-NTLM

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 8 Apr 2011 13:59:08 +0100

"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:im5hrq$vbr$1_at_dough.gmane.org...
>I did some further tests and noticed the following:
>
> 1) IE with squid 3.0 works using my wrapper (See ie-nego-3.0.tgz)
> 2) Polygraph with squid 3.0 fails for ntlm (either via negotiate-ntlm or
> pure ntlm) ( See polygraph-4.3.1-3.0.tgz

I can get 3.0 to work by adding Connection: Keep-Alive to Polygraphs client
code.

> 3) Polygraph with squid 3.2 works for ntlm but fails negotiate-ntlm (See
> polygraph-4.3.1-3.2.tgz)
>

3.2 need still further analysis

>
> Markus
>
>
> "Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
> news:im4v3n$374$1_at_dough.gmane.org...
>> Hi,
>>
>> I try to use my negotiate-wrapper with auth_ntlm and squid-3.2 and see
>> that the helper returns TT ... and squid logs
>>
>> 2011/03/20 13:08:19.544 kid1| negotiate/negotiateUserRequest.cc(201)
>> authenticate: need to challenge client
>> 'TlRMTVNTUAACAAAAEgASADAAAAAFgomivxsqHXpxr1kAAAAAAAAAAHQAdABCAAAAVwBJAE4AMgAwADAAMwBSADIAAgASAFcASQBOADIAMAAwADMAUgAyAAEAFABPAFAARQBOAFMAVQBTAEUAMQAxAAQAEgBzAHUAcwBlAC4AaABvAG0AZQADACgAbwBwAGUAbgBzAHUAcwBlADEAMQAuAHMAdQBzAGUALgBoAG8AbQBlAAAAAAA='!
>>
>> but in the wireshark log I don't see a proxy-authenticate header line to
>> challenge the client. What could be the reason ?
>>
>> When I switch to Negotiate-Kerberos everything works.
>>
>> Attached are the config and log files.
>>
>> Markus
>>
>>
>

Markus
Received on Fri Apr 08 2011 - 13:16:59 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 10 2011 - 12:00:04 MDT