Re: I know the Problem with ntlm

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 10 Oct 2000 19:47:59 +1100

Hi Thomas

We have four issues we have discussed in this mailing thread:
1. Problems with the returned username's case
2. Problems with the returned username's content (the high ASCII character on
a couple of entries)
3. Problems with the returned username's format (DOMAIN\USER)
4. Problems with IE sending packets in the wrong order.
5. The logging format (DOMAIN%2FUSERNAME instead of DOMAIN\USERNAME)

The answers (and by implication the answer to your question below):
1.
The NTLMSSP helper will be altered to always return lower case. Timeframe:
near future.

2.
I have passed the log to kinkie out of band. It contains the DES encoded
password hashes NTLM uses to authenticate from your samba server through
squid - that is why you don't want it posted on the list :-}. When we've
fixed these bugs both kinkie and I will delete the log file. Hopefully we
can figure out whether we have a bug in the decode logic, or your IE passed bad
data. Timeframe: near future.

3.
This is undergoing further discussion on squid-dev to sort out any issues
that might arise from such a patch. If we cannot do it for some reason (most
probably the one already mentioned: DOMAIN\ is an integral part of NTLM)
then you are welcome to do a patch yourself. However if we can do one it
will be alpha tested by kinkie and me and then thrown into CVS so you can use
it. Timeframe: slightly further away: this doesn't affect the usefulness of
squid's NTLM use, just adds a step to configuration.

4.
I am going to send you a very useful tool kinkie put together which can trap
the http headers being issued by the client and squid. At the moment, it
looks like IE or the squid-ntlm code is confused. I'll drop that tool to you
shortly with some instructions.

5.
No intention to look at this for the moment. I need to find out whether we
can use \ in the log file first: and getting the code fully functional takes
precedence.
BTW: Duane/Henrik/Adrian - can I log DOMAIN\USER rather than the escaped
version without breaking log analysers etc etc.?

Rob

----- Original Message -----
From: "Thomas Goebel" <thomas@an-netz.de>
To: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
Cc: "'Robert Collins'" <robert.collins@itdomain.com.au>;
<squid-users@ircache.net>
Sent: Tuesday, October 10, 2000 7:26 PM
Subject: Re: I know the Problem with ntlm

> Hello,
>
> > Cannot do. What about the case where you have user foo\bar and
gazonk\bar
> > then? No, the domain part is to remain. Blame Microsoft for such a
> > dumb design.
>
> Does this mean I must add X lines for one user, like this:
> USERA
> usera
> UserA
> DOMAIN\USER1
> domain\user1
>
> What happened in my cache.log file (Robert sent it)? The username was not
> displayed correctly.
>
> cu
>
> Thomas
>
>
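Items 1 and 3 of Rob's reply (the helper returning lower case, the DOMAIN\ prefix staying in place) and item 5 (the %2F-escaped form in the log) together describe how the name the NTLM helper hands back has to be normalised before it can be compared with an ACL. The Python below is an added example written for this archive page; it is not code from Squid or from anyone on the thread. It reduces every variant to one canonical "domain\user" key, so a single ACL line matches all the spellings Thomas lists while foo\bar and gazonk\bar stay distinct, and it rejects names with non-ASCII or unprintable characters (item 2) rather than turning a bad decode into a silent ACL key. The sample names are constructed; treating %2F as the backslash and rejecting non-ASCII names are assumptions.

```python
from urllib.parse import unquote

# Constructed sample input: one Windows account as different clients might
# present it, plus the escaped form this thread reports in squid's log.
SAMPLE_NAMES = [
    "DOMAIN\\USER1",
    "domain\\user1",
    "Domain\\User1",
    "DOMAIN%2FUSER1",   # log form: the separator is %-escaped
]


def normalize_ntlm_user(raw: str) -> str:
    """Return the canonical form 'domain\\user': lower case, one backslash.

    Raises ValueError for names that do not look like DOMAIN\\USER or that
    carry non-printable / non-ASCII characters, so a bad decode is reported
    instead of silently becoming an ACL key.
    """
    name = unquote(raw)
    # Assumption: the %2F seen in the log stands in for the backslash, so a
    # forward slash is accepted as the separator as well.
    name = name.replace("/", "\\")
    if not name.isascii() or not name.isprintable():
        raise ValueError(f"suspicious characters in username {raw!r}")
    domain, sep, user = name.partition("\\")
    if not sep or not domain or not user or "\\" in user:
        raise ValueError(f"expected DOMAIN\\USER, got {raw!r}")
    return f"{domain.lower()}\\{user.lower()}"


def build_acl(entries):
    """Turn ACL entries written in any case into a set of canonical keys."""
    return {normalize_ntlm_user(e) for e in entries}


def acl_allows(acl, presented: str) -> bool:
    """True if the username the helper returned matches one ACL entry."""
    try:
        return normalize_ntlm_user(presented) in acl
    except ValueError:
        return False


if __name__ == "__main__":
    acl = build_acl(["DOMAIN\\user1"])      # one line per user is enough
    for name in SAMPLE_NAMES:
        print(f"{name:16} -> {acl_allows(acl, name)}")
    # Same user name in another domain is a different account (Francesco's point).
    print("gazonk\\user1     ->", acl_allows(acl, "gazonk\\user1"))
    # A name with a high-ASCII byte is rejected rather than matched.
    print("DOMAIN\\us\u00e9r1    ->", acl_allows(acl, "DOMAIN\\us\u00e9r1"))
```

The canonical key is only a matching aid: the domain part is kept, as Francesco insists, because it is what separates two accounts that share a user name.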

Received on Tue Oct 10 2000 - 02:47:58 MDT
