Re: [squid-users] --> problem with wb_ntlmauth !

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 4 Nov 2003 23:13:42 +0100 (CET)

On Tue, 4 Nov 2003, Alex Carlos Braga Antão wrote:

> ./wb_ntlmauth -d
> wb_ntlmauth[557](wb_ntlm_auth.c:441): ntlm winbindd auth helper build
> Nov 4 2003, 17:36:48 starting up...
> wb_ntlmauth[557](wb_ntlm_auth.c:352): target domain is DOMAIN

So far everything is good.

> and when I try to authenticate, I receive:
> DOMAIN\user password
> wb_ntlmauth[557](wb_ntlm_auth.c:289): Got 'DOMAIN\user password' from squid.

You get this message because wb_ntlmauth is an NTLM helper and expects a
Base64 encoded NTLMSSP message as input, not a username <space> password.

Among other things this means that NTLM helpers are virtually impossible
to test manually as you need an NTLMSSP client implementation to generate
the needed NTLMSSP messages.

About the only test you can do is to send "TT<newline>" to the helper.
This should give you an NTLMSSP challenge message needed for the client to
calculate an NTLMSSP response message. Unfortunately this alone does not
indicate much if things work or not as this message is generated directly
by the helper with no communication to the NT Domain. But if you have an
NTLMSSP client implementation then you can feed this challenge message
together with your username and password to the NTLMSSP client to
calculate the response message to send to the helper.

> ./wb_auth -d
> /wb_auth[559](wb_basic_auth.c:183): basic winbindd auth helper build
> Nov 4 2003, 17:36:47 starting up...
> DOMAIN\user password
> /wb_auth[559](wb_basic_auth.c:121): Got 'DOMAIN\user password' from
> squid (length: 21).
> /wb_auth[559](wb_basic_auth.c:54): winbindd result: 1
> /wb_auth[559](wb_basic_auth.c:57): sending 'OK' to squid
> OK

This is a basic authentication helper and expects username <space>
password as input, and thus is a whole lot easier to test manually ;-)

Regards
Henrik
Received on Tue Nov 04 2003 - 15:50:31 MST
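
Added example, not part of the original message or of Squid's code: a small Python decoder for the Base64 NTLMSSP blob discussed above, useful for inspecting the challenge a helper prints and for seeing why a "username password" line is rejected. It assumes the blob is the last whitespace-separated field of the line; the sample challenge is constructed here, not captured from a real helper.

```python
import base64
import binascii
import struct

SIGNATURE = b"NTLMSSP\x00"
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
FLAG_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE
FLAG_OEM = 0x00000002      # NTLMSSP_NEGOTIATE_OEM
FLAG_NTLM = 0x00000200     # NTLMSSP_NEGOTIATE_NTLM


def parse_ntlmssp(line):
    """Decode one line carrying a Base64 NTLMSSP message and describe it."""
    fields = line.split()
    if not fields:
        raise ValueError("empty line")
    # Assumption: any protocol token comes first, the blob is the last field.
    try:
        raw = base64.b64decode(fields[-1], validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not Base64: %s" % exc) from exc
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("no NTLMSSP signature, not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    info = {"type": TYPES.get(msg_type, "UNKNOWN(%d)" % msg_type)}
    if msg_type == 2:
        if len(raw) < 32:
            raise ValueError("truncated challenge message")
        # Offset 12: target name len, max len, offset; offset 20: flags.
        name_len, _max_len, name_off, flags = struct.unpack_from("<HHII", raw, 12)
        if name_off + name_len > len(raw):
            raise ValueError("target name points outside the message")
        encoding = "utf-16-le" if flags & FLAG_UNICODE else "ascii"
        name = raw[name_off:name_off + name_len]
        info["target"] = name.decode(encoding, "replace")
        info["flags"] = flags
        info["server_challenge"] = raw[24:32].hex()  # 8-byte nonce
    return info


def build_sample_challenge(domain="DOMAIN", challenge=bytes(range(1, 9))):
    """Constructed type 2 message with an OEM target name (sample data only)."""
    name = domain.encode("ascii")
    header = SIGNATURE + struct.pack(
        "<IHHII", 2, len(name), len(name), 32, FLAG_OEM | FLAG_NTLM)
    return base64.b64encode(header + challenge + name).decode("ascii")


if __name__ == "__main__":
    print(parse_ntlmssp(build_sample_challenge()))
```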
