[squid-users] Fwd: NTLM auth fails, Authentication pop-up keeps showing up but also fails

From: Mike <miguelmclara_at_gmail.com>
Date: Sun, 15 Jul 2012 10:13:14 +0100

Hi all,

Has the subject says, I'm having problems with NTLM in *some* users.

At first I tough this was related to a problem in some Windows 7 Laptops
that don't have the reg key:
LmCompatibilityLevel -> set to 1 to use LM NTLM and NTLMv2.

The key was missing in the 2 laptops giving me the problem, but adding
it and rebooting didn't solve the problem

In general all works, most users don't complain, and indeed the ones with the problem were missing this key in the registry.
When the user opens IE/site (ntlm auth) I see this on cache.log:

NTLMSSP challenge
2012/07/13 11:23:11.043| ConnStateData::swanSong: FD 33
Got 'YR
from squid (length: 267).
got NTLMSSP packet:
got NTLMSSP command 3, expected 1
2012/07/13 11:23:11.256| ConnStateData::swanSong: FD 33

This is when I send the "basic auth"
squid (length: 59).
got NTLMSSP packet:
Got NTLMSSP neg_flags=0xa2088207
NTLMSSP challenge
2012/07/13 11:23:33.226| ConnStateData::swanSong: FD 13
Got 'YR
from squid (length: 267).
got NTLMSSP packet:
got NTLMSSP command 3, expected 1
2012/07/13 11:23:39.436| ConnStateData::swanSong: FD 13
2012/07/13 11:23:40.451| ConnStateData::swanSong: FD 13

More info about my setup:

squid -v
Squid Cache: Version 3.1.19
configure options: '--sysconfdir=/usr/pkg/etc/squid'
'--localstatedir=/var/squid' '--datarootdir=/usr/pkg/share/squid'
'--enable-auth=basic,digest,ntlm' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-icmp'
'--enable-removal-policies=lru,heap' '--enable-poll'
'--enable-storeio=ufs diskd' '--with-aio'
'--disable-strict-error-checking' '--enable-icap-client'
'--with-default-user=squid' '--with-pidfile=/var/run/squid.pid'
'--enable-ipf-transparent' '--enable-carp' '--enable-snmp'
'--enable-ssl' '--with-openssl=/usr'
'--enable-basic-auth-helpers=getpwnam MSNT NCSA YP PAM'
'--enable-external-acl-helpers=ip_user unix_group' '--prefix=/usr/pkg'
'--build=x86_64--netbsd' '--host=x86_64--netbsd' '--mandir=/usr/pkg/man'
'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' 'CC=gcc'
'CFLAGS=-O2 -I/usr/include' 'LDFLAGS=-L/usr/lib -Wl,-R/usr/lib
-Wl,-R/usr/pkg/lib' 'LIBS=' 'CPPFLAGS=-I/usr/include' 'CXX=c++'
'CXXFLAGS=-O2 -I/usr/include'

Samba Version 3.6.5

OS: netbsd-6, samba and squid installed from pkgsrc

At this moment I'm not sure if I missed something installing squid/samba or if its indeed a problem with this particular windows client.


Note: I do not have kerbuerus auth set up, because this is no easy task
on netbsd, I still need to research on this.
Received on Sun Jul 15 2012 - 09:13:26 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 15 2012 - 12:00:02 MDT