[squid-users] Another issue from ntlm_auth samba3 shipped.

From: Lombardo Federico <egopfe@dont-contact.us>
Date: Tue, 11 Nov 2003 12:06:33 +0100

Henrik, ok... I'm pedantic... but...

I have problems with ntlm_auth authentication.

I've configured it as described in the squid documentation, so my squid.conf is:

auth_param ntlm program /usr/squid/libexec/ntlm_auth --debug-level=10 --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/squid/libexec/ntlm_auth --debug-level=10 --helper-protocol=squid-2.5-basic
auth_param basic children 40
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl password proxy_auth REQUIRED
http_access allow password

The first, and more important, issue is that if I leave ONLY squid-2.5-basic
auth, I insert user-id and password into the prompt, and I go on.
In cache.log I can see:

[2003/11/11 11:59:06, 10] utils/ntlm_auth.c:manage_squid_request(1061)
  Got 'user passwrd' from squid (length: 17).
[2003/11/11 11:59:06, 3] utils/ntlm_auth.c:check_plaintext_auth(172)
  NT_STATUS_OK: Success (0x0)

If I leave both auth methods, or only the ntlm-protocol one... I always receive
access denied and my cache.log says:

[2003/11/11 11:56:20, 10] utils/ntlm_auth.c:manage_squid_request(1061)
  Got 'YR' from squid (length: 2).
[2003/11/11 11:56:20, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
  got NTLMSSP packet:
[2003/11/11 11:56:20, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(322)
  NTLMSSP challenge
[2003/11/11 11:56:20, 10] utils/ntlm_auth.c:manage_squid_request(1061)
  Got 'KK
TlRMTVNTUAADAAAAGAAYAGcAAAAYABgAfwAAAA8ADwBIAAAACQAJAFcAAAAHAAcAYAAAAAAAAACX
AAAABgIAIgUCzg4AAAAPR1JBTkRJX1NUQVpJT05JRkxPTUJBUkRPQ0VSQkVST9/ZtdgJfzQg0S7u
sE5+9v53awh1gcfGD5kTTcdvm0bbr+E3wAe4Jl8usIz6P/hsrg=='
from squid (length: 207).
[2003/11/11 11:56:20, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
  got NTLMSSP packet:
[2003/11/11 11:56:20, 10] lib/util.c:dump_data(1825)
  [000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
  [010] 67 00 00 00 18 00 18 00 7F 00 00 00 0F 00 0F 00 g....... ........
  [020] 48 00 00 00 09 00 09 00 57 00 00 00 07 00 07 00 H....... W.......
  [030] 60 00 00 00 00 00 00 00 97 00 00 00 06 02 00 22 `....... ......."
  [040] 05 02 CE 0E 00 00 00 0F 46 52 41 4E 44 49 5F 53 ........ DOMAIN
  [050] 54 41 5A 49 4F 4E 49 46 4D 4F 4D 42 41 52 44 4F USER
  [060] 43 45 52 42 45 52 4F DF D1 B5 D8 09 7F 34 20 D1 WORKSTATION. .....4 .
  [070] 2E EE B0 4E 7E F6 FE 77 6B 08 75 81 C7 C6 0F 99 ...N~..w k.u.....
  [080] 13 4D C7 6F 9B 46 DB AF E1 37 C0 07 B8 26 5F 2E .M.o.F.. .7...&_.
  [090] B0 8C FA 3F F8 6C AE 00 ...?.l..
[2003/11/11 11:56:20, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
  Got user=[USER] domain=[DOMAIN] workstation=[WORKSTATION] len1=24 len2=24
[2003/11/11 11:56:20, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(325)
  NTLMSSP NT_STATUS_ACCESS_DENIED

I've tried with many versions of IE on different platforms... meaning win2k,
XP and 2003. Same problems.
I've also tried to modify ntlm from secpol.msc in Windows... using ntlmv2,
ntlmv1 and LM :-)

Note that samba is correctly configured, so I can authenticate with wbinfo
and using ntlm_auth --username testuser --password testpass --nt-response
will give "NT_STATUS_OK: Success (0x0)"

I've also used squid.conf as follows for testing:

auth_param ntlm program /usr/squid/libexec/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -s /usr/samba/lib/smb.conf --debuglevel=10 --nt-response
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/squid/libexec/ntlm_auth --helper-protocol=squid-2.5-basic -s /usr/samba/lib/smb.conf --debuglevel=10 --nt-response
auth_param basic children 40
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Another thing, I'm contacting wbinfo_group for the ntlm_auth issues described
in my previous mail.

How to solve these problems?

Best regards,

Federico
Received on Tue Nov 11 2003 - 04:17:59 MST
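
Added example, not part of the original message and not Samba or Squid code: a small decoder for the base64 token that follows `KK` in the helper log, pulling out the NTLMSSP type 3 fields and the response sizes that the log reports as len1=24 len2=24. The sample token is constructed (domain, user, workstation and response bytes are made up); only the field layout and the flags value follow the hex dump in the message.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
FIELDS = ("lm_response", "nt_response", "domain", "user", "workstation", "session_key")
NEGOTIATE_UNICODE = 0x00000001


def parse_type3(b64_token):
    """Decode the base64 token sent after 'KK ' into its type 3 (AUTHENTICATE) fields."""
    msg = base64.b64decode(b64_token, validate=True)
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected message type 3, got %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    out = {"flags": flags}
    for i, name in enumerate(FIELDS):
        # Security buffer: length, allocated length, offset (all little endian).
        length, _alloc, offset = struct.unpack_from("<HHI", msg, 12 + 8 * i)
        if offset + length > len(msg):
            raise ValueError("%s buffer points outside the message" % name)
        out[name] = msg[offset:offset + length]
    # Without the Unicode flag the names are OEM bytes, as in the dump above.
    codec = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    for name in ("domain", "user", "workstation"):
        out[name] = out[name].decode(codec, errors="replace")
    return out


def response_kind(nt_response):
    """Classify by size: NTLMv1 and NTLM2-session NT responses are 24 bytes, NTLMv2 is longer."""
    sizes = {0: "none", 24: "24-byte (NTLMv1 or NTLM2 session)"}
    return sizes.get(len(nt_response), "NTLMv2" if len(nt_response) > 24 else "malformed")


def build_sample():
    """Constructed token laid out like the dump: 72-byte header, then names, then responses."""
    payload = {"domain": b"EXAMPLEDOM", "user": b"testuser", "workstation": b"WKSTN01",
               "lm_response": b"\x11" * 24, "nt_response": b"\x22" * 24, "session_key": b""}
    offset, bufs, body = 72, {}, b""
    for name, data in payload.items():
        bufs[name] = struct.pack("<HHI", len(data), len(data), offset)
        body += data
        offset += len(data)
    header = SIGNATURE + struct.pack("<I", 3) + b"".join(bufs[n] for n in FIELDS)
    header += struct.pack("<I", 0x22000206) + bytes(8)  # flags as in the dump; zeroed version
    return base64.b64encode(header + body).decode()
```

Calling `parse_type3(build_sample())` returns the decoded names and raw response bytes; `response_kind()` on the `nt_response` value shows whether a change made in secpol.msc actually altered what the client sends.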
