Squid: 2.5DEVEL-NTLM
OS: Solaris 7
Client machine: WinNT 4.0 (SP6) w/IE 5.5(SP1)
In squid.conf, I have the following entries:
auth_param ntlm program <squid_path>/bin/ntlm_auth staff\unistaff2
auth_param ntlm children 1
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
acl ie_test proxy_auth REQUIRED
http_access allow ie_test
Accessing a page from Internet Explorer never returns (and Squid does not
return an 'Access Denied' error page, either).
Switching on debug (29,9) produces some possibly relevant output:
ntlm-auth[19355](ntlm_auth.c:207): ntlm authenticator. Got 'YR' from Squid
ntlm-auth[19355](libntlmssp.c:111): Connecting to server UNISTAFF2 domain STAFF
ntlm-auth[19355](ntlm_auth.c:293): sending 'TT TlRM...ZG' to squid
ntlm-auth[19355](ntlm_auth.c:332): managing requests
2001/01/10 14:44:14| helperStatefulHandleRead: 64 bytes from ntlmauthenticator
#1.
2001/01/10 14:44:14| helperStatefulHandleRead: end of reply found
2001/01/10 14:44:14| authenticateNTLMHandleReply: Helper: '2195888' {TT
TlRM...ZG}
2001/01/10 14:44:14| authenticateNTLMHandleReply: helper '2195888'
2001/01/10 14:44:14| authenticateValidateUser: Validating Auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateValidateUser: Validated Auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateValidateUser: Validating Auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateValidateUser: Validated Auth_user request
'4396472'.
2001/01/10 14:44:14| User not fully authenticated.
2001/01/10 14:44:14| authenticateValidateUser: Validating Auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateValidateUser: Validated Auth_user request
'4396472'.
2001/01/10 14:44:14| User not fully authenticated.
2001/01/10 14:44:14| authenticateAuthUserRequestUnlock auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateAuthUserRequestUnlock auth_user_request
'4396472' now at '1'.
2001/01/10 14:44:14| authenticateAuthUserRequestLock auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateAuthUserRequestLock auth_user request
'4396472' now at '2'.
2001/01/10 14:44:14| authenticateFixHeader: headertype:34 authuser:4396472
2001/01/10 14:44:14| authenticateNTLMFixErrorHeader: Sending type:34 header:
'NTLM TlRM...ZG'
2001/01/10 14:44:14| authenticateAuthUserRequestUnlock auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateAuthUserRequestUnlock auth_user_request
'4396472' now at '1'.
2001/01/10 14:44:14| NTLM HandleReply, telling stateful helper : 3
2001/01/10 14:44:14| StatefulHandleRead: reserving ntlmauthenticator #1 for
deferred requests.
2001/01/10 14:44:14| StatefulGetFirstAvailable: Running servers 1.
2001/01/10 14:44:14| authenticateNTLMHelperServerAvailable: not starving -
returning 1
2001/01/10 14:44:14| authenticateNTLMReleasehelper: releasing helper '2195888'
2001/01/10 14:44:14| authenticateNTLMOnCloseConnection: Unlocking auth_user
from the connection.
2001/01/10 14:44:14| authenticateAuthUserRequestUnlock auth_user request
'4396472'.
2001/01/10 14:44:14| authenticateAuthUserRequestUnlock auth_user_request
'4396472' now at '0'.
2001/01/10 14:44:14| authenticateAuthUserRequestFree: freeing request 4396472
2001/01/10 14:44:14| authenticateAuthUserUnlock auth_user '4441480'.
2001/01/10 14:44:14| authenticateAuthUserUnlock auth_user '4441480' now at '0'.
2001/01/10 14:44:14| authenticateFreeProxyAuthUser: Freeing auth_user '4441480'
with refcount '0'.
2001/01/10 14:44:14| authenticateNTLMFreeUser: Clearing NTLM scheme data
2001/01/10 14:44:14| authenticateProxyUserCacheCleanup: Cleaning the user cache
now
2001/01/10 14:44:14| authenticateProxyUserCacheCleanup: Current time: 979103641
2001/01/10 14:44:14| authenticateProxyUserCacheCleanup: Finished cleaning the
user cache
Is the 'User not fully authenticated' a problem, or it that just the initial
407 from Squid to the browser?
Is there any way to confirm that the authenticators are talking to the NT
Domain servers successfully?
Any other suggestions?
Thanks,
David.
__
David Gameau
I.T.S. - Unix Team
University of South Australia
email: David.Gameau@UniSA.edu.au
phone: +61 8 302 3533
fax: +61 8 302 5800
Disclaimer: I didn't do it. Nobody saw me do it. You can't prove anything.
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Tue Jan 09 2001 - 22:31:51 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:24 MST