Re: [squid-users] NTLM problems

Hello Mike apologize me for my english. I've had the same problem but I've
tried to resolve that. I want to ask you how many children do you set for
MSWIN_NTLM_AUTH? and how many processes of MSWIN_CHECK_LM_GROUP do you have
in task manager?
I ask you this becouse at the begining of my problem i tried to set the
children for the NTLM helper to 50 but i didn't resolve the problem. If you
try this you wil see that there are 50 NTLM Helper but only 5
MSWIN_CHECK_LM_GROUP!!! this is the problem. The only way to increase
MSWIN_CHECK_LM_GROUP is to set the acl in this way
external_acl_type NT_local_group children=100 %LOGIN
c:/squid/libexec/mswin_check_lm_group.exe
note the children parameter that you can set as you like.
Try this
reguards from Bruno

Mike Mitchell-3 wrote:
>
> I've set up squid on a Windows 2003 server using the pre-compiled binaries
> from http://squid.acmeconsulting.it/download/squid-2.6.STABLE17-bin.zip
> NTLM authentication consistently works for some users, but consistently
> fails for others.
> Here's what debugging shows on a failure:
>
> ...
>
> 2008/01/04 18:38:09| helperStatefulOpenServers: Starting 5
> 'mswin_ntlm_auth.exe' processes
> mswin_ntlm_auth[5192]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27
> 2007, 21:53:46 starting up...
> mswin_ntlm_auth[5192]: SSPI initialized OK
> mswin_ntlm_auth[6112]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27
> 2007, 21:53:46 starting up...
> mswin_ntlm_auth[6112]: SSPI initialized OK
> mswin_ntlm_auth[5368]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27
> 2007, 21:53:46 starting up...
> mswin_ntlm_auth[5368]: SSPI initialized OK
> 2008/01/04 18:38:09| User-Agent logging is disabled.
> 2008/01/04 18:38:09| Referer logging is disabled.
> mswin_ntlm_auth[3084]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27
> 2007, 21:53:46 starting up...
> mswin_ntlm_auth[3084]: SSPI initialized OK
> mswin_ntlm_auth[4160]: c:/squid/libexec/mswin_ntlm_auth.exe build Nov 27
> 2007, 21:53:46 starting up...
> mswin_ntlm_auth[4160]: SSPI initialized OK
>
> ...
>
> mswin_ntlm_auth[5192]: Got 'YR
> TlRMTVNTUAABAAAABlIAAAYABgAmAAAABgAGACAAAABEMTU2MDRDQVJZTlQ=' from Squid
> mswin_ntlm_auth[5192]: attempting SSPI challenge retrieval
> mswin_ntlm_auth[5192]: Got it
> mswin_ntlm_auth[5192]: sending 'TT
> TlRMTVNTUAACAAAABgAGADgAAAAGAoECX74wIorjbCkAAAAAAAAAAHwAfAA+AAAABQLODgAAAA9DQVJZTlQCAAwAQwBBAFIAWQBOAFQAAQAQAE4AQQBNAEUAUwBSAFYAMgAEABQAbgBhAC4AcwBhAHMALgBjAG8AbQADACYATgBBAE0ARQBTAFIAVgAyAC4AbgBhAC4AcwBhAHMALgBjAG8AbQAFAA4AUwBBAFMALgBDAE8ATQAAAAAA'
> to squid
> mswin_ntlm_auth[5192]: Got 'KK
> TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgBAAAAABgAGAEYAAAAGAAYATAAAAAAAAABqAAAABlIAAENBUllOVE1BQkxBS0QxNTYwNKWk6TgT5BCIQBjSilR+VqBRLF/GRRzxhg=='
> from Squid
> mswin_ntlm_auth[5192]: checking domain: 'CARYNT', user: 'MABLAK'
> mswin_ntlm_auth[6112]: Got 'YR
> TlRMTVNTUAABAAAABlIAAAYABgAmAAAABgAGACAAAABEMTU2MDRDQVJZTlQ=' from Squid
> mswin_ntlm_auth[6112]: attempting SSPI challenge retrieval
> mswin_ntlm_auth[6112]: Got it
> mswin_ntlm_auth[6112]: sending 'TT
> TlRMTVNTUAACAAAABgAGADgAAAAGAoEC1yrM0oj/3vQAAAAAAAAAAHwAfAA+AAAABQLODgAAAA9DQVJZTlQCAAwAQwBBAFIAWQBOAFQAAQAQAE4AQQBNAEUAUwBSAFYAMgAEABQAbgBhAC4AcwBhAHMALgBjAG8AbQADACYATgBBAE0ARQBTAFIAVgAyAC4AbgBhAC4AcwBhAHMALgBjAG8AbQAFAA4AUwBBAFMALgBDAE8ATQAAAAAA'
> to squid
> mswin_ntlm_auth[6112]: Got 'KK
> TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgBAAAAABgAGAEYAAAAGAAYATAAAAAAAAABqAAAABlIAAENBUllOVE1BQkxBS0QxNTYwNOqSkQJvL12+T28RjkSZbHD0GEvSApUMpA=='
> from Squid
> mswin_ntlm_auth[6112]: checking domain: 'CARYNT', user: 'MABLAK'
>
> The last line shown is currently the last line in the cache.log file.
> Notice that there is not a 'Login attempt had result' line. My guess is
> that the SSP_ValidateNTLMCredentials() call in libntlmssp.c is hanging.
> That routine calls several Windows routines, but I can't tell which one is
> hanging. Both process IDs 5192 and 6112 are still running.
>
> Has anyone seen a problem like this?
>
> -- Mike.Mitchell_at_sas.com<mailto:Mike.Mitchell_at_sas.com>
>
>
>
>

-- 
View this message in context: http://www.nabble.com/NTLM-problems-tp14719771p20396458.html
Sent from the Squid - Users mailing list archive at Nabble.com.