AW: [squid-users] Problem with ntlm_auth from Rost, Werner on 2002-09-10 (squid-users)

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Tue, 10 Sep 2002 17:52:36 +0200

Check with wbinfo:

# /usr/local/samba/bin/wbinfo -t
Secret is good
#

Manual test with wb_ntlmauth fails:

#
# /usr/local/squid/libexec/wb_ntlmauth
TT TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
BH illegal request received

After enableing log_mime_hdrs access.log shows:

# cat access.log
1031672706.392 0 192.125.128.156 TCP_DENIED/407 1239 GET
http://www.google.
de/ - NONE/- text/html [Accept: application/vnd.ms-excel,
application/msword, ap
plication/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg
, */*\r\nAccept-Language: de\r\nAccept-Encoding: gzip,
deflate\r\nUser-Agent: Mo
zilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)\r\nHost:
www.google.de\r\nProxy
-Connection: Keep-Alive\r\nCookie:
PREF=ID=372c6af77de3389b:TB=1:LD=de:TM=101491
2608:LM=1031058836:S=Kc8DoW7Eaf0\r\n] [HTTP/1.0 407 Proxy Authentication
Require
d\r\nServer: squid/2.5.PRE11-20020828\r\nMime-Version: 1.0\r\nDate: Tue, 10
Sep
2002 15:45:06 GMT\r\nContent-Type: text/html\r\nContent-Length:
838\r\nExpires:
Tue, 10 Sep 2002 15:45:06 GMT\r\nX-Squid-Error: ERR_BOGE_DUP_LOGON
0\r\nProxy-Au
thenticate: NTLM\r\nProxy-Authenticate: Basic realm="SQUID-Proxy ZF Boge
Bonn"\r
\n\r]
#

You see "ERR_BOGE_DUP_LOGON". This is defined in squid.conf as:

acl only1 max_user_ip -s 1
http_access deny only1
deny_info ERR_BOGE_DUP_LOGON only1

After changing squid.conf to:

acl only1 max_user_ip -s 10
http_access deny only1
deny_info ERR_BOGE_DUP_LOGON only1

I get the same output to access.log:

1031672959.866 1 192.125.128.156 TCP_DENIED/407 1239 GET
http://www.google.
de/ - NONE/- text/html [Accept: application/vnd.ms-excel,
application/msword, ap
plication/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg
, */*\r\nAccept-Language: de\r\nAccept-Encoding: gzip,
deflate\r\nUser-Agent: Mo
zilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)\r\nHost:
www.google.de\r\nProxy
-Connection: Keep-Alive\r\nCookie:
PREF=ID=372c6af77de3389b:TB=1:LD=de:TM=101491
2608:LM=1031058836:S=Kc8DoW7Eaf0\r\n] [HTTP/1.0 407 Proxy Authentication
Require
d\r\nServer: squid/2.5.PRE11-20020828\r\nMime-Version: 1.0\r\nDate: Tue, 10
Sep
2002 15:49:19 GMT\r\nContent-Type: text/html\r\nContent-Length:
838\r\nExpires:
Tue, 10 Sep 2002 15:49:19 GMT\r\nX-Squid-Error: ERR_BOGE_DUP_LOGON
0\r\nProxy-Au
thenticate: NTLM\r\nProxy-Authenticate: Basic realm="SQUID-Proxy ZF Boge
Bonn"\r
\n\r]
#

> Mit freundlichen Grüßen / regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com
> ---------------------------------------------------------------------
>

> -----Ursprüngliche Nachricht-----
> Von: Henrik Nordstrom [mailto:hno@marasystems.com]
> Gesendet am: Dienstag, 10. September 2002 16:45
> An: Rost, Werner; 'squid-users@squid-cache.org'
> Betreff: Re: [squid-users] Problem with ntlm_auth
>
>
> Rost, Werner wrote:
> > 2002/09/10 10:37:59| aclCheck: checking 'http_access deny only1'
> > 2002/09/10 10:37:59| aclMatchAclList: checking only1
> > 2002/09/10 10:37:59| aclMatchAcl: checking 'acl only1
> max_user_ip -s 1'
> > 2002/09/10 10:37:59| authenticateAuthenticate: header NTLM
> > TlRMTVNTUAABAAAAB7IAA
> > AcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
> > 2002/09/10 10:37:59| authenticateAuthenticate: This is a
> new checklist test
> > on F
>
> Looking great so far, but this is only step 2 of 3...
>
>
> If you enable log_mime_hdrs, what do you get in access.log?
>
>
> If you run wb_ntlmauth manually and send
>
> TT TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
>
> what do you get back?
>
>
>
> Is the computer account up to date?
>
> Check with wbinfo that the connection to the domain is
> working the way it
> should (see the Squid FAQ).
>
> Regards
> Henrik
>
>
>
>
> ---------------------------------------------------------
> This Mail has been checked for Viruses
> Attention: Encrypted mails can NOT be checked!
>
> **
>
> Diese Mail wurde auf Viren geprueft
> Hinweis: Verschluesselte mails koennen NICHT auf Viren
> geprueft werden!
> ---------------------------------------------------------
>

---------------------------------------------------------
This Mail has been checked for Viruses
Attention: Encrypted mails can NOT be checked!

Diese Mail wurde auf Viren geprueft
Hinweis: Verschluesselte mails koennen NICHT auf Viren geprueft werden!
---------------------------------------------------------
Received on Tue Sep 10 2002 - 09:54:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:10 MST