[squid-users] Another ntlm_auth problem

From: Gerard Eviston <geviston@dont-contact.us>
Date: Sat, 3 Aug 2002 18:50:44 +1000

Hello all,

In addition to my ldap_group woes, I'm having trouble with the SMB
helper on 2.5.PRE10 / AIX 5L. Squid.conf has the usual:

auth_param ntlm program /usr/local/squid/libexec/ntlm_auth DOMAIN/PDC
acl passwd proxy_auth REQUIRED
http_access allow password

Using "ntlm_auth -d DOMAIN/PDC" I get something along the lines of (some
of this is invented for the sake of example :-)

ntlm authenticator. Got 'YR' from Squid
obtain_challenge: getting new challenge
getting challenge from DOMAIN\PDC (attempt no. 1)
Connecting to server PDC domain DOMAIN
make_challenge retuned 2000b8c
Got it
sending 'TT TlRM.....' to squid

and nothing else. No KK or BH, just silence.

After looking further into it, it seems that the browser is sending a
reset and dropping the connection instead of proceeding with the
authentication. I have tested this with IE6 / NT4 and IE 5.01 / W2K, and
by setting LMCompatibilityLevel to 1 on the client machine, but it just
wont budge. Intergrated authentication is ticked in the browser.

Using fake_auth everyting is fine.

Could this be an AIX-specific issue (I haven't got another OS to test it
on). Also I remember mention of an endianness problem a little while
back but I might be reading too much into this.

Any ideas?

Gerard
Received on Sat Aug 03 2002 - 02:50:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:30 MST