[squid-users] NTLM problems

From: Mike Mitchell <Mike.Mitchell@dont-contact.us>
Date: Wed, 9 Jan 2008 14:33:28 -0500

I've set up squid on a Windows 2003 server using the pre-compiled binaries from http://squid.acmeconsulting.it/download/squid-2.6.STABLE17-bin.zip
NTLM authentication consistently works for some users, but consistently fails for others.
Here's what debugging shows on a failure:

...

2008/01/04 18:38:09| helperStatefulOpenServers: Starting 5 'mswin_ntlm_auth.exe' processes
mswin_ntlm_auth[5192]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27 2007, 21:53:46 starting up...
mswin_ntlm_auth[5192]: SSPI initialized OK
mswin_ntlm_auth[6112]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27 2007, 21:53:46 starting up...
mswin_ntlm_auth[6112]: SSPI initialized OK
mswin_ntlm_auth[5368]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27 2007, 21:53:46 starting up...
mswin_ntlm_auth[5368]: SSPI initialized OK
2008/01/04 18:38:09| User-Agent logging is disabled.
2008/01/04 18:38:09| Referer logging is disabled.
mswin_ntlm_auth[3084]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27 2007, 21:53:46 starting up...
mswin_ntlm_auth[3084]: SSPI initialized OK
mswin_ntlm_auth[4160]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27 2007, 21:53:46 starting up...
mswin_ntlm_auth[4160]: SSPI initialized OK

...

mswin_ntlm_auth[5192]: Got 'YR TlRMTVNTUAABAAAABlIAAAYABgAmAAAABgAGACAAAABEMTU2MDRDQVJZTlQ=' from Squid
mswin_ntlm_auth[5192]: attempting SSPI challenge retrieval
mswin_ntlm_auth[5192]: Got it
mswin_ntlm_auth[5192]: sending 'TT TlRMTVNTUAACAAAABgAGADgAAAAGAoECX74wIorjbCkAAAAAAAAAAHwAfAA+AAAABQLODgAAAA9DQVJZTlQCAAwAQwBBAFIAWQBOAFQAAQAQAE4AQQBNAEUAUwBSAFYAMgAEABQAbgBhAC4AcwBhAHMALgBjAG8AbQADACYATgBBAE0ARQBTAFIAVgAyAC4AbgBhAC4AcwBhAHMALgBjAG8AbQAFAA4AUwBBAFMALgBDAE8ATQAAAAAA' to squid
mswin_ntlm_auth[5192]: Got 'KK TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgBAAAAABgAGAEYAAAAGAAYATAAAAAAAAABqAAAABlIAAENBUllOVE1BQkxBS0QxNTYwNKWk6TgT5BCIQBjSilR+VqBRLF/GRRzxhg==' from Squid
mswin_ntlm_auth[5192]: checking domain: 'CARYNT', user: 'MABLAK'
mswin_ntlm_auth[6112]: Got 'YR TlRMTVNTUAABAAAABlIAAAYABgAmAAAABgAGACAAAABEMTU2MDRDQVJZTlQ=' from Squid
mswin_ntlm_auth[6112]: attempting SSPI challenge retrieval
mswin_ntlm_auth[6112]: Got it
mswin_ntlm_auth[6112]: sending 'TT TlRMTVNTUAACAAAABgAGADgAAAAGAoEC1yrM0oj/3vQAAAAAAAAAAHwAfAA+AAAABQLODgAAAA9DQVJZTlQCAAwAQwBBAFIAWQBOAFQAAQAQAE4AQQBNAEUAUwBSAFYAMgAEABQAbgBhAC4AcwBhAHMALgBjAG8AbQADACYATgBBAE0ARQBTAFIAVgAyAC4AbgBhAC4AcwBhAHMALgBjAG8AbQAFAA4AUwBBAFMALgBDAE8ATQAAAAAA' to squid
mswin_ntlm_auth[6112]: Got 'KK TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgBAAAAABgAGAEYAAAAGAAYATAAAAAAAAABqAAAABlIAAENBUllOVE1BQkxBS0QxNTYwNOqSkQJvL12+T28RjkSZbHD0GEvSApUMpA==' from Squid
mswin_ntlm_auth[6112]: checking domain: 'CARYNT', user: 'MABLAK'

The last line shown is currently the last line in the cache.log file.
Notice that there is not a 'Login attempt had result' line. My guess is that the SSP_ValidateNTLMCredentials() call in libntlmssp.c is hanging. That routine calls several Windows routines, but I can't tell which one is hanging. Both process IDs 5192 and 6112 are still running.

Has anyone seen a problem like this?

-- Mike.Mitchell@sas.com
Received on Wed Jan 09 2008 - 12:33:39 MST
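
Added example (not part of the original post, and not Squid's or the helper's own code): a Python script that scans mswin_ntlm_auth debug output for the symptom described above, a 'checking domain' line with no later 'Login attempt had result' line from the same helper PID, and confirms that each YR/TT/KK token decodes to NTLMSSP message type 1/2/3. The sample log lines, PIDs, names and the text following 'Login attempt had result' are constructed.

```python
import base64
import re
import struct

HELPER_LINE = re.compile(r"^mswin_ntlm_auth\[(\d+)\]: (.*)$")
TOKEN = re.compile(r"^(?:Got|sending) '(YR|TT|KK) ([A-Za-z0-9+/=]+)'")
CHECKING = re.compile(r"^checking domain: '([^']*)', user: '([^']*)'")
EXPECTED_TYPE = {"YR": 1, "TT": 2, "KK": 3}  # helper keyword -> NTLMSSP type

def ntlm_type(b64):
    """Return the NTLMSSP message type, or None if the token is not NTLMSSP."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def find_stalled(lines):
    """Return ({pid: (domain, user)} lacking a result line, [(pid, keyword)] bad tokens)."""
    pending, bad_tokens = {}, []
    for line in lines:
        m = HELPER_LINE.match(line.strip())
        if not m:
            continue  # Squid's own timestamped lines are not helper output
        pid, msg = int(m.group(1)), m.group(2)
        token, checking = TOKEN.match(msg), CHECKING.match(msg)
        if token and ntlm_type(token.group(2)) != EXPECTED_TYPE[token.group(1)]:
            bad_tokens.append((pid, token.group(1)))
        elif checking:
            pending[pid] = checking.groups()  # validation started
        elif msg.startswith("Login attempt had result"):
            pending.pop(pid, None)  # validation returned
    return pending, bad_tokens

def _tok(msg_type):
    """Constructed minimal token: NTLMSSP signature plus message type only."""
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type)).decode()

SAMPLE_LOG = [  # constructed: PIDs, names and the result value are made up
    f"mswin_ntlm_auth[1001]: Got 'YR {_tok(1)}' from Squid",
    f"mswin_ntlm_auth[1001]: sending 'TT {_tok(2)}' to squid",
    f"mswin_ntlm_auth[1001]: Got 'KK {_tok(3)}' from Squid",
    "mswin_ntlm_auth[1001]: checking domain: 'EXAMPLE', user: 'ALICE'",
    "mswin_ntlm_auth[1002]: checking domain: 'EXAMPLE', user: 'BOB'",
    "mswin_ntlm_auth[1002]: Login attempt had result 1",
]
if __name__ == "__main__":
    print(find_stalled(SAMPLE_LOG))
```

A PID left in the first returned mapping is a helper that entered credential validation and never logged a result, which is the state the post reports for both helpers.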
