Re: [squid-users] Problems using NTLM

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 25 May 2001 23:14:54 +1000

----- Original Message -----
From: <Sascha.Hemmerling@ision.net>
To: <squid-users@squid-cache.org>
Sent: Friday, May 25, 2001 10:46 PM
Subject: [squid-users] Problems using NTLM

> Hi !
>
> I'm trying to get ntlm to work, but there seem to be some problems.
> Maybe someone can help me solve the problem.
>
> I'm using Solaris 7, squid-head-200105222300, ntlm-patch applied.
>

Uhmm, for future reference: try without the ntlm patch. The ntlm branch
has been broken before, and will break again. Code we are satisfied
with, and that non-developers should feel ok using, will be found in
head. Don't bother switching until we've debugged this problem though:
any fix will go into the ntlm branch first :]

> Because I also compiled MSNT in, I tried first to connect to the PDC using
> MSNT on command line to see if connection could be established somehow:
>
> /opt/IOIsquid-2.5-20010522/libexec/squid/msnt_auth
> hauke secret
> OK
> foo bar
> ERR
>
> That looks like it's working.
>
> Then I started squid and got the following start-up messages:
>
>
> After that I tried to connect using ntlm, logged on as user hauke,
> password secret and the domain PROXY on NT4, and started IE4.
> I've got the following results:
>
> ntlm-auth[13106](ntlm_auth.c:264): managing request
> ntlm-auth[13106](ntlm_auth.c:270): ntlm authenticator. Got 'YR' from Squid
> ntlm-auth[13106](ntlm_auth.c:219): obtain_challenge: getting new challenge
> ntlm-auth[13106](ntlm_auth.c:223): getting challenge from PROXY\PROXYAUTH (attempt no. 1)
> ntlm-auth[13106](libntlmssp.c:114): Connecting to server PROXYAUTH domain PROXY
> ntlm-auth[13106](ntlm_auth.c:225): make_challenge retuned 358f8
> ntlm-auth[13106](ntlm_auth.c:227): Got it
> ntlm-auth[13106](ntlm_auth.c:404): sending 'TT TlRMTVNTUAACAAAAAAUABQAAACiCgkEADwowlnIzvkkAAAAAAAAAAFBST1hZ' to squid
> ntlm-auth[13106](ntlm_auth.c:264): managing request
> ntlm-auth[13106](ntlm_auth.c:270): ntlm authenticator. Got 'KK TlRMTVNTUAADAAAAGAAYAFMAAAAYABgAawAAAAUABQBAAAAABQAFAEUAAAAJAAkASgAAAAAAAACDAAAAgoIAAFBST1hZSEFVS0VQUk9YWUFVVEiU1qS+Dh3ZeQM7ZUA2HnHZ31NUA/OSY9d9nBKxVXI512Itbb3C8mWjV5lYV4qF6dw=' from Squid
> ntlm-auth[13106](ntlm_auth.c:388): sending 'BH unknown authentication packet type' to squid
> 2001/05/25 09:15:08| authenticateNTLMDirection: called before NTLM Authenticate!. Report a bug to quid-dev.

Is your machine big-endian or little-endian? That KK packet looks ok to me
at first inspection...

> Then I've got a pop-up Window asking for username and password.
> I've typed in "hauke" and "secret" and got the same result.

By then it's already died :[.

> I also tried using IE5 on W2k there I've got nearly the same messages, but it
> seems to stop earlier somehow:
>
> ntlm-auth[13106](ntlm_auth.c:264): managing request
> ntlm-auth[13106](ntlm_auth.c:270): ntlm authenticator. Got 'YR' from Squid
> ntlm-auth[13106](ntlm_auth.c:219): obtain_challenge: getting new challenge
> ntlm-auth[13106](ntlm_auth.c:223): getting challenge from PROXY\PROXYAUTH (attempt no. 1)
> ntlm-auth[13106](libntlmssp.c:114): Connecting to server PROXYAUTH domain PROXY
> ntlm-auth[13106](ntlm_auth.c:225): make_challenge retuned 358f8
> ntlm-auth[13106](ntlm_auth.c:227): Got it
> ntlm-auth[13106](ntlm_auth.c:404): sending 'TT TlRMTVNTUAACAAAAAAUABQAAACiCgkEADwowlnIzvkkAAAAAAAAAAFBST1hZ' to squid

What happened after that? squid should have sent that challenge to the
browser.

> Does anyone have suggestions ?

You've found a new bug. I'd love to blame MS, but just yet it may be
squid or MS.

> I've searched the whole mailing-list archive without finding a solution.

Thank you for looking first! I appreciate that.

Rob
Received on Fri May 25 2001 - 07:15:33 MDT
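
Added example (not from the thread or from Squid's helper source): the TT and KK blobs in the quoted log decoded in Python, reading the NTLMSSP message-type field as explicit little-endian and, for comparison, as big-endian, which is the distinction the byte-order question above turns on. The function names are hypothetical, and the thread does not establish that byte order was the actual cause.

```python
import base64
import struct

# Blobs copied from the helper log quoted in this thread.
TT = "TlRMTVNTUAACAAAAAAUABQAAACiCgkEADwowlnIzvkkAAAAAAAAAAFBST1hZ"
KK = ("TlRMTVNTUAADAAAAGAAYAFMAAAAYABgAawAAAAUABQBAAAAABQAFAEUAAAAJAAkASgAAAAAA"
      "AACDAAAAgoIAAFBST1hZSEFVS0VQUk9YWUFVVEiU1qS+Dh3ZeQM7ZUA2HnHZ31NUA/OSY9d9"
      "nBKxVXI512Itbb3C8mWjV5lYV4qF6dw=")

# NTLMSSP message types; any other value is an unknown packet type.
NAMES = {1: "negotiate", 2: "challenge", 3: "authenticate"}


def message_type(blob_b64, byte_order="<"):
    """Return the message-type field, decoded with the given struct byte order.

    The field is little-endian on the wire; passing ">" shows the value a
    reader that assumed big-endian order would compute instead.
    """
    raw = base64.b64decode(blob_b64)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\0":
        raise ValueError("not an NTLMSSP message")
    return struct.unpack_from(byte_order + "I", raw, 8)[0]


def security_buffer(raw, pos):
    """Read a (length, maxlen, offset) descriptor at pos; return the bytes it names."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    if offset + length > len(raw):
        raise ValueError("security buffer points past end of message")
    return raw[offset:offset + length]


def parse_authenticate(blob_b64):
    """Decode the name fields of a type 3 message (OEM strings, as in this log)."""
    if message_type(blob_b64) != 3:
        raise ValueError("not a type 3 message")
    raw = base64.b64decode(blob_b64)
    fields = {"lm_len": len(security_buffer(raw, 12)),
              "nt_len": len(security_buffer(raw, 20))}
    for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
        fields[name] = security_buffer(raw, pos).decode("ascii")
    return fields


if __name__ == "__main__":
    for label, blob in (("TT", TT), ("KK", KK)):
        le, be = message_type(blob), message_type(blob, ">")
        print(label, "little-endian:", NAMES.get(le, le), "| big-endian:", NAMES.get(be, hex(be)))
    print(parse_authenticate(KK))
```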

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:17 MST