[squid-users] Problem setting up squid with ntlm authentication

From: Jérôme RICHARD <jrichard@dont-contact.us>
Date: Sat, 4 Oct 2003 09:52:39 +0200

Hello,

I'm trying to set up a Squid Cache 2.5-STABLE4 with NTLM authentication
from an NT 4.0 Domain.

I use the wb_ntlmauth helper with the winbindd daemon that seems to be
correctly configured (wbinfo -r & wbinfo -g run correctly).

When I try to authenticate from my browser (IE 5.50.4807.2300 SP2) the
authentication is refused and a popup appears asking me for login,
password & domain. If I try to enter them the popup appears again and
again....

I've verified my login & password with wbinfo: it's correct. So I think
there's something wrong in my squid configuration....

I have also tried with the ntlm_auth utility provided with samba 3.0 but
it's not better.

Can anyone help me please?

The squid authentication is configured as follows:

auth_param ntlm program /usr/lib/squid/wb_ntlmauth -d
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
...
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl domainusers proxy_auth REQUIRED
http_access allow domainusers
http_access deny all

2003/10/03 17:55:10| Squid Cache (Version 2.5.STABLE4): Exiting
normally.
2003/10/03 17:55:50| Starting Squid Cache version 2.5.STABLE4 for
i686-pc-linux-gnu...
2003/10/03 17:55:50| Process ID 3986
2003/10/03 17:55:50| With 1024 file descriptors available
2003/10/03 17:55:50| DNS Socket created at 0.0.0.0, port 32834, FD 4
2003/10/03 17:55:50| Adding nameserver 195.68.0.1 from /etc/resolv.conf
2003/10/03 17:55:50| Adding nameserver 195.68.0.2 from /etc/resolv.conf
2003/10/03 17:55:50| helperStatefulOpenServers: Starting 5
'wb_ntlmauth' processes
(wb_ntlmauth)[3987](wb_ntlm_auth.c:438): ntlm winbindd auth helper
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3987](wb_ntlm_auth.c:355): target domain is
ABC-SYSTEMES-NT
(wb_ntlmauth)[3988](wb_ntlm_auth.c:438): ntlm winbindd auth helper
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3988](wb_ntlm_auth.c:355): target domain is
ABC-SYSTEMES-NT
(wb_ntlmauth)[3989](wb_ntlm_auth.c:438): ntlm winbindd auth helper
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3990](wb_ntlm_auth.c:438): ntlm winbindd auth helper
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3991](wb_ntlm_auth.c:438): ntlm winbindd auth helper
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3989](wb_ntlm_auth.c:355): target domain is
ABC-SYSTEMES-NT
(wb_ntlmauth)[3990](wb_ntlm_auth.c:355): target domain is
ABC-SYSTEMES-NT
(wb_ntlmauth)[3991](wb_ntlm_auth.c:355): target domain is
ABC-SYSTEMES-NT
2003/10/03 17:55:50| Unlinkd pipe opened on FD 14
2003/10/03 17:55:50| Swap maxSize 102400 KB, estimated 7876 objects
2003/10/03 17:55:50| Target number of buckets: 393
2003/10/03 17:55:50| Using 8192 Store buckets
2003/10/03 17:55:50| Max Mem size: 8192 KB
2003/10/03 17:55:50| Max Swap size: 102400 KB
2003/10/03 17:55:50| Rebuilding storage in /var/spool/squid-front
(CLEAN)
2003/10/03 17:55:50| Using Least Load store dir selection
2003/10/03 17:55:50| Set Current Directory to /var/spool/squid-front
2003/10/03 17:55:50| Loaded Icons.
2003/10/03 17:55:50| Accepting HTTP connections at 0.0.0.0, port 3128,
FD 16.
2003/10/03 17:55:50| Accepting ICP messages at 0.0.0.0, port 3130, FD
17.
2003/10/03 17:55:50| WCCP Disabled.
2003/10/03 17:55:50| Ready to serve requests.
2003/10/03 17:55:50| Done reading /var/spool/squid-front swaplog (39
entries)
2003/10/03 17:55:50| Finished rebuilding storage from disk.
2003/10/03 17:55:50| 39 Entries scanned
2003/10/03 17:55:50| 0 Invalid entries.
2003/10/03 17:55:50| 0 With invalid flags.
2003/10/03 17:55:50| 39 Objects loaded.
2003/10/03 17:55:50| 0 Objects expired.
2003/10/03 17:55:50| 0 Objects cancelled.
2003/10/03 17:55:50| 0 Duplicate URLs purged.
2003/10/03 17:55:50| 0 Swapfile clashes avoided.
2003/10/03 17:55:50| Took 0.0 seconds ( 39.0 objects/sec).
2003/10/03 17:55:50| Beginning Validation Procedure
2003/10/03 17:55:50| Completed Validation Procedure
2003/10/03 17:55:50| Validated 39 Entries
2003/10/03 17:55:50| store_swap_size = 176k
2003/10/03 17:55:51| storeLateRelease: released 0 objects
2003/10/03 18:00:49| authenticateDecodeAuth: Unsupported or
unconfigured proxy-auth scheme, 'Basic
YWJjLXN5c3RlbWVzLW50XGplcm9tZTphYmM
='
(wb_ntlmauth)[3987](wb_ntlm_auth.c:292): Got 'YR' from squid.
(wb_ntlmauth)[3987](wb_ntlm_auth.c:72): sending 'TT
TlRMTVNTUAACAAAADwAPACgAAACCgkEAj3zZijBmfZQAAAAAAAAAAEFCQy1TWVNURU1FUy1O
VA==' to squid
(wb_ntlmauth)[3987](wb_ntlm_auth.c:292): Got 'KK
TlRMTVNTUAADAAAAGAAYAF0AAAAYABgAdQAAAA8ADwBAAAAABgAGAE8AAAAIAAgAVQAAAAAA
AACNAAAAAoIBA
EFCQy1TWVNURU1FUy1OVEpFUk9NRVNFUlZfTUYx/
PQ9ewMGFabLgyPNpiv1NWakSpftY0fKaJesYPICaX5Wu+5HTEb5Mn+n3Ihs9b7c' from
squid.
(wb_ntlmauth)[3987](wb_ntlm_auth.c:239): Checking user
'ABC-SYSTEMES-NT\JEROME' lmhash len =24, have_nthash=0, nthash len=24
(wb_ntlmauth)[3987](wb_ntlm_auth.c:246): winbindd result: 0
(wb_ntlmauth)[3987](wb_ntlm_auth.c:60): sending 'NA
ABC-SYSTEMES-NT\JEROME auth failure because: Authentication Failure ()'
to squid

- - - - ---
Jérôme RICHARD - Virtual Net
mailto:jrichard@virtual-net.fr
tél. : 02.23.21.06.30 (Rennes)
tél. : 02.51.81.93.57 (Nantes)
tél. : 06.03.67.12.79 (Mobile)
Received on Sat Oct 04 2003 - 01:53:05 MDT
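
For reading helper debug output like the log above: the blobs after 'TT' and 'KK' are base64 NTLMSSP messages, and decoding them shows which domain, user, workstation, string encoding and response lengths the browser actually sent. The following is an added example, not part of the original post or of Squid/Samba; the sample message is constructed and the names in it are hypothetical.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
FLAG_UNICODE = 0x00000001  # strings are UTF-16LE when set, OEM otherwise

def _buf(msg, pos):
    """Return the bytes referenced by the security buffer (len, maxlen, offset) at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points past end of message")
    return msg[offset:offset + length]

def parse_helper_line(line):
    """Decode a 'TT <b64>' (challenge) or 'KK <b64>' (response) helper line."""
    code, _, blob = line.strip().partition(" ")
    msg = base64.b64decode("".join(blob.split()))  # tolerate mail/log line wrapping
    if not msg.startswith(SIG) or len(msg) < 32:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if (code, mtype) == ("TT", 2):
        flags = struct.unpack_from("<I", msg, 20)[0]
        enc = "utf-16-le" if flags & FLAG_UNICODE else "latin-1"
        return {"type": 2, "target": _buf(msg, 12).decode(enc),
                "challenge": msg[24:32].hex(), "flags": flags}
    if (code, mtype) == ("KK", 3) and len(msg) >= 64:
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & FLAG_UNICODE else "latin-1"
        return {"type": 3, "lm_len": len(_buf(msg, 12)), "nt_len": len(_buf(msg, 20)),
                "domain": _buf(msg, 28).decode(enc), "user": _buf(msg, 36).decode(enc),
                "workstation": _buf(msg, 44).decode(enc), "flags": flags}
    raise ValueError("helper code/message type mismatch or truncated message")

def build_sample_kk(domain, user, host, flags=0x00008202):
    """Constructed Type 3 message with zeroed 24-byte responses; not captured traffic."""
    fields = [b"\0" * 24, b"\0" * 24, domain, user, host, b""]
    header, payload = SIG + struct.pack("<I", 3), b""
    for f in fields:
        # Each security buffer points into the payload that follows the 64-byte header.
        header += struct.pack("<HHI", len(f), len(f), 64 + len(payload))
        payload += f
    return "KK " + base64.b64encode(header + struct.pack("<I", flags) + payload).decode()

if __name__ == "__main__":
    # Hypothetical domain, user and workstation names.
    print(parse_helper_line(build_sample_kk(b"EXAMPLE-NT", b"ALICE", b"WKSTN001")))
```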