Re: [SQU] help with ntlm authentication needed

From: Jakob Curdes <jc@dont-contact.us>
Date: Thu, 2 Nov 2000 16:37:25 +0100

Thank you for your quick help. I think I got the idea,
however I am unsure if I am specifying the user string correctly, because
I still get an "Access denied" error.

My test acls are

acl all src 192.168.0.0-192.168.255.255/255.255.0.0
acl Safe_ports port 21 70 80 210 443 563 1025-65535 8080
acl allowed_users proxy_auth iS\jc (test example; user/domain exist)

http_access deny !Safe_ports
http_access allow allowed_users
http_access deny all

(minimal set)

The log file says (access-log)
973179375.702 10 192.168.2.12 TCP_DENIED/403 1066 GET http://192.168.2.1/index.html is%5cjc NONE/- text/html

and (cache-log)
ntlm-auth[20036](ntlm_auth.c:327): ntlm authenticator. Got 'TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA' from cache
ntlm-auth[20036](ntlm_auth.c:381): status 0
ntlm-auth[20036](libntlmssp.c:150): Connecting to server
ntlm-auth[20036](ntlm_auth.c:520): managing request
ntlm-auth[20036](ntlm_auth.c:327): ntlm authenticator. Got 'TlRMTVNTUAADAAAAGAAYAEAAAAAAAAAAWAAAAAIAAgA0AAAAAgACADYAAAAIAAgAOAAAAElTSkNDUlVOQ0hFUnG87c+iNTqt6r7DHmFFIM8am6RGuTXG2E==' from cache
ntlm-auth[20036](ntlm_auth.c:426): Trying the fast-track way
ntlm-auth[20036](ntlm_auth.c:435): cache miss. taking the long route, stopping by Redmond.
ntlm-auth[20036](libntlmssp.c:258): checking domain: 'IS', user: 'JC', pass='q¼íÏ¢5:­ê¾ÃaE Ï›¤F¹5ÆØ'
SessSetupAndX response. Action = 0
ntlm-auth[20036](libntlmssp.c:262): result is 0
ntlm-auth[20036](libntlmssp.c:271): credentials: IS\JC
ntlm-auth[20036](ntlm_auth.c:461): sending OK for user is\jc
ntlm-auth[20036](ntlm_auth.c:463): storing in cache entry for creds is\jc
ntlm-auth[20036](ntlm_auth.c:520): managing request
ntlm-auth[20036](ntlm_auth.c:181): ntlm-auth[20039](ntlm_auth.c:181): housekeeping..

This looks to me like the NTLM authentication succeeds. So I suppose something is wrong with the user syntax!? I did not find
any mention of how this syntax should be. I tried several combinations like IS\JC but no success.

Yours
Jakob Curdes

Received on Thu Nov 02 2000 - 09:43:39 MST
