Re: [squid-users] Squid 2.5 NTLM authentication in Accelerator only mode - help please

From: Robert Collins <robert.collins@dont-contact.us>
Date: 30 Aug 2001 21:08:28 +1000

On 30 Aug 2001 12:54:29 +0200, Steven Thompson wrote:
> Hi All
>
> I have set-up and tested NTLM authentication in proxy only mode
> and it works fine. My PDC authenticates my browser IE 5.5 no problem with
>
> Problem in Accelerator mode:
> When I connect to the Squid Accelerator box it prompts me for my
> username, password and domain, but it does not authenticate me
> successfully. The NT security log says bad username or password.
> The strange thing is it works fine in proxy only mode.

We haven't had the time/opportunity/motivation to test acceleration mode
for ntlm. (It won't operate over proxies, which limits its use to
accelerated intranets anyway).

However, I'm happy to work with you to see what's happening... it has
been coded in such a fashion that it _should_ work. Obviously, for
whatever reason, it's not.

When you say the NT security log, I presume you mean on the PDC?

Can you turn squid's debugging to 29,9 and do a _single_ attempt with a
test usercode (one whose password you can disclose) to the accelerator
machine? Also rebuild the NTLMSSP helper with -DDEBUG for that test,
that will tell us what the PDC is doing.

The resulting log will have the ntlm challenge and response in it along
with the attempted negotiation. Can you bzip that and send it to me for
analysis?

If you want to encrypt it, you can get my gpg keys from
http://lifeless.home.dhs.org/

Rob
Received on Thu Aug 30 2001 - 05:08:03 MDT
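
An added example, not part of the original message and not Squid or helper code: a decoder for the NTLM challenge and response messages that the debug log described above would contain, so the domain, user and response lengths the client presented can be compared between a proxy-mode and an accelerator-mode attempt. It assumes the messages appear as base64 tokens as carried in the HTTP authentication headers; `sample_type3` and its values are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set, OEM otherwise
MIN_LEN = {1: 16, 2: 32, 3: 52}  # smallest header per message type


def _secbuf(msg, pos):
    """Return the bytes a security buffer (len, maxlen, offset) points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def decode_ntlm(token):
    """Decode a base64 NTLMSSP token into the fields useful for debugging."""
    msg = base64.b64decode(token)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype not in MIN_LEN or len(msg) < MIN_LEN[mtype]:
        raise ValueError("unknown or truncated NTLMSSP message")
    if mtype == 1:  # negotiate (client -> server)
        return {"type": 1, "flags": struct.unpack_from("<I", msg, 12)[0]}
    if mtype == 2:  # challenge (server -> client)
        return {"type": 2, "flags": struct.unpack_from("<I", msg, 20)[0],
                "challenge": msg[24:32].hex()}
    # authenticate (client -> server): older clients end the header at byte 52
    # with no flags field, so read flags only when the payload starts at >= 64.
    first = min(struct.unpack_from("<I", msg, p + 4)[0] for p in (12, 20, 28, 36, 44))
    flags = struct.unpack_from("<I", msg, 60)[0] if first >= 64 else 0
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    domain, user, host = (_secbuf(msg, p).decode(enc, errors="replace")
                          for p in (28, 36, 44))
    return {"type": 3, "flags": flags, "domain": domain, "user": user,
            "workstation": host, "lm_len": len(_secbuf(msg, 12)),
            "nt_len": len(_secbuf(msg, 20))}  # nt_len 24 = NTLMv1-style response


def sample_type3(domain="TESTDOM", user="testuser", host="WKSTN"):
    """Constructed Type 3 token with dummy responses (not from a real log)."""
    fields = [b"\x11" * 24, b"\x22" * 24]
    fields += [s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    header, payload = SIGNATURE + struct.pack("<I", 3), b""
    for f in fields:
        header += struct.pack("<HHI", len(f), len(f), 64 + len(payload))
        payload += f
    return base64.b64encode(header + struct.pack("<I", NEGOTIATE_UNICODE) + payload).decode()


if __name__ == "__main__":
    print(decode_ntlm(sample_type3()))
```
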
