[squid-users] NT multi domain authentication

From: <michele.de-martin@dont-contact.us>
Date: Fri, 28 Feb 2003 12:55:12 +0100

Hi everybody,
I'm devolloping a little "kit" to do NT multi domain authentication working
with NOT trusted domains.
Basic authentication and external acl group helpers are (more or less) done
and working: perl scripts around "rpcclient" utility shipped with samba.
Now I'm hacking with ntlm authentication.
Started with ntlm_auth helper from "Francesco Chemolli
<kinkie@kame.usr.dsi.unimi.it>", I modified it to work with multiple
domains.

Now the problem:
During one of the first steps of NTLM authentication squid send a "YR" code
to the helper without adding any further data retrieved from the
"Proxy-Authorization" field sent by the client.
This field contains data such as workstation domain, workstation name, etc.
Using a sniffer (ethereal) I was able to see those info: they started with
a NTLMSSP identifier and so on.
They are needed to my helper to retrieve the NTLM challenge from the
correct domain/controller.

How can I solve this? I mean: can those data be passed to the helper the
same way they are for the "KK" code?
It seems that "squid-2.5/src/auth/ntlm/auth_ntlm.c" is the right place to
hack.

Waiting for some help ... :)

ciao
Michele De Martin
Received on Fri Feb 28 2003 - 04:55:49 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST