[squid-users] Problem with ntlm_auth

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Tue, 10 Sep 2002 11:06:41 +0200

The problem becomes more and more curious. Now I am not able to get the
error messages below.
Environment is described below.

Now I tried the following:

1. Stopping squid, smbd, nmbd, winbindd

2. Starting smbd, nmbd, winbindd

3. Enable debugging ( debug_options ALL,1 28,9 )
   and starting squid

4. Try accessing an internet site (www.google.de) with IE 5.5

   IE says "opening www.google.de " but nothing is displayed
   After about 15 minutes I killed IE

access.log shows:

1031647079.955 1 192.125.128.156 TCP_DENIED/407 1239 GET http://www.google.de/ - NONE/- text/html

cache.log shows:

2002/09/10 10:37:12| Starting Squid Cache version 2.5.PRE11-20020828 for alphaev67-dec-osf5.1...
2002/09/10 10:37:12| Process ID 2975
2002/09/10 10:37:12| With 4096 file descriptors available
2002/09/10 10:37:12| DNS Socket created at 0.0.0.0, port 1312, FD 5
2002/09/10 10:37:12| Adding nameserver 10.23.4.130 from squid.conf
2002/09/10 10:37:12| Adding nameserver 10.23.16.130 from squid.conf
2002/09/10 10:37:12| helperStatefulOpenServers: Starting 5 'wb_ntlmauth' processes
2002/09/10 10:37:12| helperOpenServers: Starting 5 'wb_auth' processes
2002/09/10 10:37:12| Unlinkd pipe opened on FD 18
2002/09/10 10:37:12| Swap maxSize 16384000 KB, estimated 1260307 objects
2002/09/10 10:37:12| Target number of buckets: 63015
2002/09/10 10:37:12| Using 65536 Store buckets
2002/09/10 10:37:12| Max Mem size: 262144 KB
2002/09/10 10:37:12| Max Swap size: 16384000 KB
2002/09/10 10:37:12| Store logging disabled
2002/09/10 10:37:12| Rebuilding storage in /data1/squid_cache (CLEAN)
2002/09/10 10:37:12| Rebuilding storage in /data2/squid_cache (CLEAN)

   <snip>

2002/09/10 10:37:59| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.
2002/09/10 10:37:59| aclMatchAcl: returning 0 sending authentication challenge.

   <snip>

2002/09/10 10:37:59| aclCheck: checking 'http_access deny only1'
2002/09/10 10:37:59| aclMatchAclList: checking only1
2002/09/10 10:37:59| aclMatchAcl: checking 'acl only1 max_user_ip -s 1'
2002/09/10 10:37:59| authenticateAuthenticate: header NTLM TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
2002/09/10 10:37:59| authenticateAuthenticate: This is a new checklist test on FD:20
2002/09/10 10:37:59| authenticateAuthenticate: no connection authentication type
2002/09/10 10:37:59| aclMatchAcl: returning 0 sending credentials to helper.
2002/09/10 10:37:59| aclMatchAclList: returning 0
2002/09/10 10:37:59| aclCheck: checking password via authenticator

BTW: PDC is a WIN NT server (SP6a).

-------------------------------------------------------------------
I found a FATAL message in cache.log:

FATAL: authenticateNTLMHandleReply: called with no result string

Squid Cache (Version 2.5.PRE11-20020828): Terminated abnormally.
CPU Usage: 0.335 seconds = 0.053 user + 0.282 sys
Maximum Resident Size: 5320 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        total space in arena: 4334 KB
        Ordinary blocks: 4026 KB 6726 blks
        Small blocks: 0 KB 0 blks
        Holding blocks: 0 KB 0 blks
        Free Small blocks: 0 KB
        Free Ordinary blocks: 307 KB
        Total in use: 4026 KB 93%
        Total free: 307 KB 7%

At the same time a core dump was generated.

I found similar discussions in the archives. Robert Collins mentioned "There
is an endianness bug in NTLM at the moment. I've a fix pending
checkin." (17-May-2002)

Seems that this bug is not fixed yet.

Environment:

OS: TRU64 5.1A patchkit 3
Squid Cache (Version 2.5.PRE11-20020828)
Internet Explorer 5.5

configuration of Squid:

./configure --enable-auth="ntlm,basic" \
            --enable-external-acl-helpers="winbind_group" \
            --enable-basic-auth-helpers="winbind" \
            --enable-ntlm-auth-helpers="winbind"

Installation of samba 2.2.5

./configure --with-winbind \
            --with-winbind-auth-challenge

Inserting the patch for smbpasswd.c
make
make install

Lines in squid.conf:

auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
#
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm SQUID-Proxy ZF Boge Bonn
auth_param basic credentialsttl 2 hours

> Kind regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com
> ---------------------------------------------------------------------
>
>

---------------------------------------------------------
This Mail has been checked for Viruses
Attention: Encrypted mails can NOT be checked!

**

Diese Mail wurde auf Viren geprueft
Hinweis: Verschluesselte mails koennen NICHT auf Viren geprueft werden!
---------------------------------------------------------

Received on Tue Sep 10 2002 - 03:09:14 MDT
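
Added example, not part of the original post and not Squid or Samba code: a decoder for the "header NTLM ..." value that debug section 28 wrote to cache.log above, showing that it is a Type 1 (negotiate) message carrying the client's domain and workstation name in clear text, and what its type field turns into if read in the wrong byte order. The field layout and flag names follow the published NTLM message format; the function and key names are chosen for this example, and it does not reproduce the specific bug mentioned in the post.

```python
import base64
import struct

# NTLM header value copied from the cache.log excerpt in the post above.
LOGGED_BLOB = "TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q="

# Negotiate flag bits from the NTLM message format (only those set here).
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00001000: "OEM_DOMAIN_SUPPLIED",
    0x00002000: "OEM_WORKSTATION_SUPPLIED",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
}


def _field(raw, pos):
    """Read a security buffer (len, maxlen, offset) and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    if offset + length > len(raw):
        raise ValueError("security buffer points outside the message")
    return raw[offset:offset + length]


def parse_negotiate(b64):
    """Decode a base64 NTLM Type 1 message into its header fields."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message with both name buffers")
    # All integers are little-endian on the wire, whatever the host CPU is.
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != 1:
        raise ValueError("not a Type 1 (negotiate) message: %d" % msg_type)
    return {
        "type": msg_type,
        "flags": flags,
        "flag_names": [n for bit, n in sorted(FLAGS.items()) if flags & bit],
        "domain": _field(raw, 16).decode("ascii", "replace"),
        "workstation": _field(raw, 24).decode("ascii", "replace"),
        # Same four bytes read big-endian: no longer a valid message type.
        "type_if_big_endian": struct.unpack_from(">I", raw, 8)[0],
    }


if __name__ == "__main__":
    for key, value in parse_negotiate(LOGGED_BLOB).items():
        print(key, "=", value)
```

Because these values are recoverable from the log with a base64 decode, cache.log files captured at this debug level should be handled like any other file containing host and domain identifiers.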

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:10 MST