Re: [squid-users] Problem with ntlm_auth

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Wed, 11 Sep 2002 08:06:35 +0200

Ok, here are the new tests:

# /usr/local/samba/bin/wbinfo -t
Secret is good
#

"KK" instead of "TT":

# /usr/local/squid/libexec/wb_ntlmauth
KK TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
NA -\- auth failure because: Received neg-request while expecting auth
packet
BH illegal request received

Trying without "max_user_ip" has no success:

# grep max_user_ip ../etc/squid.conf
# See also the acl max_user_ip. The max_user_ip acl replaces
# acl aclname max_user_ip [-s] number
##acl only1 max_user_ip -s 1

After reloading squid access.log shows:

1031724203.292 31 192.125.128.156 TCP_DENIED/407 1647 GET
http://www.google.
de/ - NONE/- text/html [Accept: application/vnd.ms-excel,
application/msword, ap
plication/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg
, */*\r\nAccept-Language: de\r\nAccept-Encoding: gzip,
deflate\r\nUser-Agent: Mo
zilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)\r\nHost:
www.google.de\r\nProxy
-Connection: Keep-Alive\r\nCookie:
PREF=ID=372c6af77de3389b:TB=1:LD=de:TM=101491
2608:LM=1031058836:S=Kc8DoW7Eaf0\r\n] [HTTP/1.0 407 Proxy Authentication
Require
d\r\nServer: squid/2.5.PRE11-20020828\r\nMime-Version: 1.0\r\nDate: Wed, 11
Sep
2002 06:03:23 GMT\r\nContent-Type: text/html\r\nContent-Length:
1240\r\nExpires:
 Wed, 11 Sep 2002 06:03:23 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nPr
oxy-Authenticate: NTLM\r\nProxy-Authenticate: Basic realm="SQUID-Proxy ZF
Boge B
onn"\r\n\r]
#

--------------------------------------------------------------

Check with wbinfo:

# /usr/local/samba/bin/wbinfo -t
Secret is good
#

Manual test with wb_ntlmauth fails:

#
# /usr/local/squid/libexec/wb_ntlmauth
TT TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
BH illegal request received

After enabling log_mime_hdrs access.log shows:

# cat access.log
1031672706.392 0 192.125.128.156 TCP_DENIED/407 1239 GET
http://www.google.
de/ - NONE/- text/html [Accept: application/vnd.ms-excel,
application/msword, ap
plication/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg
, */*\r\nAccept-Language: de\r\nAccept-Encoding: gzip,
deflate\r\nUser-Agent: Mo
zilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)\r\nHost:
www.google.de\r\nProxy
-Connection: Keep-Alive\r\nCookie:
PREF=ID=372c6af77de3389b:TB=1:LD=de:TM=101491
2608:LM=1031058836:S=Kc8DoW7Eaf0\r\n] [HTTP/1.0 407 Proxy Authentication
Require
d\r\nServer: squid/2.5.PRE11-20020828\r\nMime-Version: 1.0\r\nDate: Tue, 10
Sep
2002 15:45:06 GMT\r\nContent-Type: text/html\r\nContent-Length:
838\r\nExpires:
Tue, 10 Sep 2002 15:45:06 GMT\r\nX-Squid-Error: ERR_BOGE_DUP_LOGON
0\r\nProxy-Au
thenticate: NTLM\r\nProxy-Authenticate: Basic realm="SQUID-Proxy ZF Boge
Bonn"\r
\n\r]
#

You see "ERR_BOGE_DUP_LOGON". This is defined in squid.conf as:

acl only1 max_user_ip -s 1
http_access deny only1
deny_info ERR_BOGE_DUP_LOGON only1

After changing squid.conf to:

acl only1 max_user_ip -s 10
http_access deny only1
deny_info ERR_BOGE_DUP_LOGON only1

I get the same output to access.log:

1031672959.866 1 192.125.128.156 TCP_DENIED/407 1239 GET
http://www.google.
de/ - NONE/- text/html [Accept: application/vnd.ms-excel,
application/msword, ap
plication/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg
, */*\r\nAccept-Language: de\r\nAccept-Encoding: gzip,
deflate\r\nUser-Agent: Mo
zilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)\r\nHost:
www.google.de\r\nProxy
-Connection: Keep-Alive\r\nCookie:
PREF=ID=372c6af77de3389b:TB=1:LD=de:TM=101491
2608:LM=1031058836:S=Kc8DoW7Eaf0\r\n] [HTTP/1.0 407 Proxy Authentication
Require
d\r\nServer: squid/2.5.PRE11-20020828\r\nMime-Version: 1.0\r\nDate: Tue, 10
Sep
2002 15:49:19 GMT\r\nContent-Type: text/html\r\nContent-Length:
838\r\nExpires:
Tue, 10 Sep 2002 15:49:19 GMT\r\nX-Squid-Error: ERR_BOGE_DUP_LOGON
0\r\nProxy-Au
thenticate: NTLM\r\nProxy-Authenticate: Basic realm="SQUID-Proxy ZF Boge
Bonn"\r
\n\r]
#

> Kind regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com
> ---------------------------------------------------------------------
>

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Tuesday, 10 September 2002 16:45
> To: Rost, Werner; 'squid-users@squid-cache.org'
> Subject: Re: [squid-users] Problem with ntlm_auth
>
>
> Rost, Werner wrote:
> > 2002/09/10 10:37:59| aclCheck: checking 'http_access deny only1'
> > 2002/09/10 10:37:59| aclMatchAclList: checking only1
> > 2002/09/10 10:37:59| aclMatchAcl: checking 'acl only1
> max_user_ip -s 1'
> > 2002/09/10 10:37:59| authenticateAuthenticate: header NTLM
> > TlRMTVNTUAABAAAAB7IAA
> > AcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
> > 2002/09/10 10:37:59| authenticateAuthenticate: This is a
> new checklist test
> > on F
>
> Looking great so far, but this is only step 2 of 3...
>
>
> If you enable log_mime_hdrs, what do you get in access.log?
>
>
> If you run wb_ntlmauth manually and send
>
> TT TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q=.
>
> what do you get back?
>
>
>
> Is the computer account up to date?
>
> Check with wbinfo that the connection to the domain is
> working the way it
> should (see the Squid FAQ).
>
> Regards
> Henrik
>
>
>
>
> ---------------------------------------------------------
> This Mail has been checked for Viruses
> Attention: Encrypted mails can NOT be checked!
>
> **
>
> This mail has been checked for viruses
> Note: encrypted mails can NOT be checked for viruses!
> ---------------------------------------------------------
>

Received on Wed Sep 11 2002 - 00:09:04 MDT
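
Added example, not part of the original message and not Squid or Samba code: decoding the base64 blob fed to wb_ntlmauth in the tests above shows it is an NTLMSSP type 1 (negotiate) message, which matches the helper's "Received neg-request while expecting auth packet" answer to the KK line. The function names and the flag table are this example's own; the trailing "." seen on the page is stripped because it is not base64.

```python
import base64
import struct

# Blob copied from the helper input shown in the message above.
BLOB = "TlRMTVNTUAABAAAAB7IAAAcABwAoAAAACAAIACAAAABCTl82NTc1MEJPR0VHT0Q="

MESSAGE_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

# Subset of the NTLMSSP negotiate flags, enough to name every bit set in BLOB.
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00001000: "OEM_DOMAIN_SUPPLIED",
    0x00002000: "OEM_WORKSTATION_SUPPLIED",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
}

def read_buffer(raw, pos):
    """Read a security buffer header (len, maxlen, offset) and return its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    if offset + length > len(raw):
        raise ValueError("security buffer points outside the message")
    return raw[offset:offset + length]

def parse_ntlm(b64):
    """Decode a base64 NTLMSSP message and return its type and type 1 fields."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    info = {"type": msg_type, "name": MESSAGE_TYPES.get(msg_type, "unknown")}
    if msg_type == 1 and len(raw) >= 32:
        (flags,) = struct.unpack_from("<I", raw, 12)
        info["flags"] = [name for bit, name in FLAGS.items() if flags & bit]
        # Names in a type 1 message are sent in the OEM character set.
        info["domain"] = read_buffer(raw, 16).decode("ascii", "replace")
        info["workstation"] = read_buffer(raw, 24).decode("ascii", "replace")
    return info

def parse_helper_line(line):
    """Split a helper input line such as 'KK <blob>.' and decode the blob."""
    command, _, blob = line.strip().partition(" ")
    info = parse_ntlm(blob.rstrip("."))
    info["command"] = command
    return info

if __name__ == "__main__":
    print(parse_helper_line("KK " + BLOB + "."))
```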

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:12 MST