RE: I know the Problem with ntlm from Robert Collins on 2000-10-09 (squid-users)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 10 Oct 2000 12:17:30 +1100

Hi Thomas.

yes your usernames need to be uppercase for NTLM. I'll checkin a fix
allowing case-insensitive usernames for this in the next day or two
(when I get time to touch the code again).

There is something strange happening in two places:
The returned username that squid found the first time was
"HERPA\GOEBELT"
then squid got HERPA\GOEBEL which wouldn't be found - this will need
further investigation. (but the log should provide enough information).

Do you mind if I forward the log to kinkie (who has done the NTLMSSP
helper) to see why the HERPA\GOEBEL response was created?

The second strange thing is that auth requests from IE are being
received with no negotiate step!
I'm going to dig into that and some funny stuff happening with the
request passing tonight (GMT+10), and I'll mail out when I have a
solution, or if I need some more debugging from you.

Rob

> -----Original Message-----
> From: Thomas Goebel [mailto:thomas@an-netz.de]
> Sent: Monday, 9 October 2000 11:53 PM
> To: Robert Collins
> Subject: I know the Problem with ntlm
>
>
> Hallo,
>
> the problem is in the authentication mechanism to find an entry in my
> user_allow-file
>
> acl domainusers proxy_auth "/etc/squid/proxy_user_allow.txt"
>
> Only when i add these lines
> GoebelT # for Basic authentication
> HERPA\GOEBEL
> HERPA\GOEBELT
> herpa\goebelt
> herpa\goebel
> goebelt # for Basic authentication
>
> to the proxy_user_allow.txt file. I can download some
> html/img from the
> browser-startingpage BUT not the whole page. After they had download
> some images and text they ask me again for a login/passwd.
>
> If i enter the user an password i must be carefull with upper and
> lowercase.
>
> But i dont know why the loading of the first page stops?!?
>
> I the cache.log file i send. i have mark the point where the
> authentication windows comes on the screen.
>
> I hope you can patch these, that i need only one entry in the
> user-allow
> file. :-))
>
> cu
>
> Thomas
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Mon Oct 09 2000 - 19:21:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:43 MST