Re: [squid-users] RE: NTLM error

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 20 Mar 2010 02:30:03 +1300

Dawie Pretorius wrote:
> Hi is it possible that someone can come back to me on this request.
>
> Thank you
>
> Dawie Pretorius
>

Maybe yes, maybe no.

You did add this:
"
> message and may be subject to legal privilege. Access to this e-mail
> by anyone other than the intended is unauthorised. If you are not the
> intended recipient (or responsible for delivery of the message to
> such person), you may not use, copy, distribute or deliver to anyone
> this message (or any part of its contents ) or take any action in
"

Sigh. Some people who might have answered will be legally bound not to
or risk their employment.

/joke.

>
> -----Original Message-----
> From: Dawie Pretorius [mailto:dawie_at_tradebridge.co.za]
> Sent: 11 March 2010 10:40 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] NTLM error
>
> Hi,
>
> I continually have this error inside my /var/log/squid/cache.log:
>
> [2010/03/05 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
> got NTLMSSP command 3, expected 1

A client is using kerberos (aka "3") to respond to your NTLM (aka "1")
challenge.
  * Find out what client browser this is its really rather broken, and
if possible why it's acting this way.
  * Look into implementing Kerberos auth in your network. NTLM is
officially deprecated by MS now, and apparently not supported in Windows 7.

>
> And getting a authentication pop up.
>
> I found this article about this issue:
>
> http://www1.il.squid-cache.org/mail-archive/squid-dev/200906/0041.html
>
> This article states that there is a workaround:
>
> "The workaround is pretty simple - just enable the IP auth cache."
>

I think they mean that storing the auth credentials and re-using them
for the IP gets around it.

Not a good solution at all. And squid does not support auth cache for
NTLM type protocols anyway. Which means you need to be using insecure
Basic auth for it to work.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
   Current Beta Squid 3.1.0.18
Received on Fri Mar 19 2010 - 13:30:14 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT