Re: [squid-users] Problem with negotiate_wrapper and ntlm authentication from Matteo De Lazzari on 2013-10-29 (squid-users)

From: Matteo De Lazzari <mdelazza_at_gmail.com>
Date: Tue, 29 Oct 2013 15:49:59 +0100

Now I have squid Version 3.3.9, but the problem still persist. This if
from cache.log

2013/10/29 15:07:49| negotiate_wrapper: Got 'YR
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid
(length: 59).
2013/10/29 15:07:49| negotiate_wrapper: Decode
'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded
length: 40).
2013/10/29 15:07:49| negotiate_wrapper: received type 1 NTLM token
2013/10/29 15:07:49| negotiate_wrapper: Return 'TT
TlRMTVNTUAACAAAAEAAQADgAAAAFgomiMudf8qKFH9cAAAAAAAAAAKoAqgBIAAAABgEAAAAAAA9QAFIARQBWAEkARABPAE0AAgAQAFAAUgBFAFYASQBEAE8ATQABABoAUwBSAFYAUwBRAFUASQBEAFAAUgBPAFgAWQAEACgAcAByAGUAdgBpAGQAbwBtAC4AcAByAGUAdgBpAG4AZQB0AC4AaQB0AAMARABzAHIAdgBzAHEAdQBpAGQAcAByAG8AeAB5AC4AcAByAGUAdgBpAGQAbwBtAC4AcAByAGUAdgBpAG4AZQB0AC4AaQB0AAAAAAA=
'
2013/10/29 15:07:49| negotiate_wrapper: Got 'KK
TlRMTVNTUAADAAAAGAAYAIYAAAAYABgAngAAABIAEgBIAAAAGgAaAFoAAAASABIAdAAAAAAAAAC2AAAABYKIogUBKAoAAAAPRABFAEYAQQBWAEUAUgBJAEwAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBEAEUARgBBAFYARQBSAEkATACBrzocRC8vigAAAAAAAAAAAAAAAAAAAABvHsRiK+DEPUVqWMDAk2PS8BDbT/X3mBg='
from squid (length: 247).
2013/10/29 15:07:49| negotiate_wrapper: Decode
'TlRMTVNTUAADAAAAGAAYAIYAAAAYABgAngAAABIAEgBIAAAAGgAaAFoAAAASABIAdAAAAAAAAAC2AAAABYKIogUBKAoAAAAPRABFAEYAQQBWAEUAUgBJAEwAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBEAEUARgBBAFYARQBSAEkATACBrzocRC8vigAAAAAAAAAAAAAAAAAAAABvHsRiK+DEPUVqWMDAk2PS8BDbT/X3mBg='
(decoded length: 182).
2013/10/29 15:07:49| negotiate_wrapper: received type 216 NTLM token
2013/10/29 15:07:49| negotiate_wrapper: Return 'NA = NT_STATUS_NO_SUCH_USER

and again from command prompt all is good:

/usr/bin/ntlm_auth --username=provaproxy --password=Pass1word
--domain=PREVIDOM
NT_STATUS_OK: Success (0x0)

The samba version is 3.6.9-151

This is the squid configuration rows:

auth_param negotiate program /usr/lib64/squid/negotiate_wrapper_auth -d
--ntlm /usr/bin/ntlm_auth -d --helper-protocol=squid-2.5-ntlmssp
--domain=PREVIDOM --kerberos /usr/lib64/squid/negotiate_kerberos_auth -s
HTTP/srvsquidproxy.previdom.previnet.it

It seems that the wrapper cannot parse correctly username, password and
domain typed in the login box. Does someone have any idea?

Thanks

Matteo

Il 29/10/2013 1.31, Amos Jeffries ha scritto:
> On 29/10/2013 6:19 a.m., Matteo De Lazzari wrote:
>>
>> Dear all,
>> I have a little problem trying to configure a fall back authentication
>> via negotiate_wrapper
>>
> <snip>
>
>> I'm using a precompiled 3.1.10 squid version on centos 6.4.
>
> Please try a current Squid version (3.3 or later).
>
> There seems to be an issue in the older releases from before wrapper
> was created with the Negotiate auth module not quite supporting the
> helper requirements for NTLM auth.
>
> Amos
Received on Tue Oct 29 2013 - 14:50:14 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 30 2013 - 12:00:06 MDT