[squid-users] Windows 7 beta and NTLM

From: <Tim.Towers_at_CliffordChance.com>
Date: Fri, 9 Jan 2009 17:51:48 +0000

We use NTLM authentication, but the new windows 7 beta (yes, its beta
but its nice to know of potential issues before they get widely
released) seems to be having trouble authenticating.

A standard authentication from XP provides the following in
/var/log/squid/cache.log:

 Got user=[912058] domain=[UK] workstation=[LONW037057] len1=24 len2=24

An authentication from Windows 7 beta is shown below:

  Got user=[009340] domain=[UK] workstation=[LONW032292] len1=24
len2=332
  Login for user [UK]\[009340]@[LONW032292] failed due to [Invalid
parameter]

I see the different "len2" information at the end, so I assume MS has
extended something.

The packages we are running are squid-2.6.STABLE20-1.el5 and
samba-common-3.0.28-1.el5_2.1.

I am curious whether a package upgrade will fix the problem, if this
windows 7 thingy has introduced an incompatibility that we expect MS to
fix with their next release or if this is a valid request that uses a
hitherto unused part of the protocol and therefore we should allow for
it.

Tim Towers
Senior Security Analyst
Global Network Services
CLIFFORD CHANCE LLP
10 Upper Bank Street
London E14 5JJ
*:Direct Dial +44 (0)20 7006 5645
*:Mobile +44 (0)794 9244498
*:Switchboard +44 (0)20 7006 1000
*:Email tim.towers_at_cliffordchance.com
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure.
If you are not the intended recipient, please telephone or email the sender and delete this message and any
attachment from your system. If you are not the intended recipient you must not copy this message or attachment
or disclose the contents to any other person.

Clifford Chance LLP is a limited liability partnership registered in England & Wales under number OC323571.
The firm's registered office and principal place of business is at 10 Upper Bank Street, London, E14 5JJ.
For further details, including a list of members and their professional qualifications, see our website
at www.cliffordchance.com. The firm uses the word 'partner' to refer to a member of Clifford Chance LLP or
an employee or consultant with equivalent standing and qualifications. The firm is regulated by the Solicitors Regulation Authority. The Authority's rules can be accessed by clicking on the following link: http://www.sra.org.uk/code-of-conduct.page

Clifford Chance as a global firm regularly shares client and/or matter-related data among its different
offices and support entities in strict compliance with internal control policies and statutory requirements.
Incoming and outgoing email communications may be monitored by Clifford Chance, as permitted by applicable law and regulations.

For further information about Clifford Chance please see our website at http://www.cliffordchance.com or refer
to any Clifford Chance office.
Received on Fri Jan 09 2009 - 17:52:10 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 09 2009 - 12:00:02 MST