Re: [squid-users] Problem with negotiate_wrapper and ntlm authentication from Matteo De Lazzari on 2013-10-31 (squid-users)

From: Matteo De Lazzari <mdelazza_at_gmail.com>
Date: Thu, 31 Oct 2013 15:14:42 +0100

I add another thing. If I click over and over again on the ok button in
the login prompt, after an unsuccessful login like below, I get a
successful login with kerberos with the right credentials inserted into
the login window. For example:

2013/10/31 14:59:06| negotiate_wrapper: Got 'YR
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid
(length: 59).
2013/10/31 14:59:06| negotiate_wrapper: Decode
'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded
length: 40).
2013/10/31 14:59:06| negotiate_wrapper: received type 1 NTLM token
2013/10/31 14:59:06| negotiate_wrapper: Return 'TT
TlRMTVNTUAACAAAAEAAQADgAAAAFgomihuhYCU+1bPYAAAAAAAAAAKoAqgBIAAAABgEAAAAAAA9QAFIARQBWAEkARABPAE0AAgAQAFAAUgBFAFYASQBEAE8ATQABABoAUwBSAFYAUwBRAFUASQBEAFAAUgBPAFgAWQAEACgAcAByAGUAdgBpAGQAbwBtAC4AcAByAGUAdgBpAG4AZQB0AC4AaQB0AAMARABzAHIAdgBzAHEAdQBpAGQAcAByAG8AeAB5AC4AcAByAGUAdgBpAGQAbwBtAC4AcAByAGUAdgBpAG4AZQB0AC4AaQB0AAAAAAA=
'
2013/10/31 14:59:06| negotiate_wrapper: Got 'KK
TlRMTVNTUAADAAAAGAAYAIoAAAAYABgAogAAABQAFABIAAAAGgAaAFwAAAAUABQAdgAAAAAAAAC6AAAABYKIogUBKAoAAAAPQgBBAEwARABBAFMAUwBJAE4AUgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEIAQQBMAEQAQQBTAFMASQBOAFIAq1Q20RKzg8QAAAAAAAAAAAAAAAAAAAAAMxioQ/YxkVY0L8xikTmoqqYH1sM2078v'
from squid (length: 251).
2013/10/31 14:59:06| negotiate_wrapper: Decode
'TlRMTVNTUAADAAAAGAAYAIoAAAAYABgAogAAABQAFABIAAAAGgAaAFwAAAAUABQAdgAAAAAAAAC6AAAABYKIogUBKAoAAAAPQgBBAEwARABBAFMAUwBJAE4AUgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEIAQQBMAEQAQQBTAFMASQBOAFIAq1Q20RKzg8QAAAAAAAAAAAAAAAAAAAAAMxioQ/YxkVY0L8xikTmoqqYH1sM2078v'
(decoded length: 186).
2013/10/31 14:59:06| negotiate_wrapper: received type 216 NTLM token
2013/10/31 14:59:06| negotiate_wrapper: Return 'NA = NT_STATUS_NO_SUCH_USER
'
2013/10/31 14:59:44| negotiate_wrapper: Got 'YR
YIIFvAYGKwYBBQUCoIIFsDCCBaygJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBYIEggV+YIIFegYJKoZIhvcSAQICAQBuggVpMIIFZaADAgEFoQMCAQ6iBwMFACAAAACjggSFYYIEgTCCBH2gAwIBBaEWGxRQUkVWSURPTS5QUkVWSU5FVC5JVKI1MDOgAwIBAqEsMCobBEhUVFAbInNydnNxdWlkcHJveHkucHJldmlkb20ucHJldmluZXQuaXSjggQlMIIEIaADAgEXoQMCAQSiggQTBIIED24e4jfaNzU02uwF2gkyHqaHgFt/BifkbI/kr8++dZLTVxVGVUE+LEuYV5wsjE5UIKtCRRBeKMtX9Qi15U+pSGQ6IHd23PeVFLixYPR/TVUQQT2nYdKQuSfRYwwVZuPKDFdg02vu7+DvNvs4psFXvp2XUwGT4scPFtESfkowhNPzPtJHLdpno6lUHUJhFYq0gMuVAlpVPENuPolCwknER/+QGmFUcPqVl7PUL749cOLi9Xuxf3mbZow6X5wznTnsgoLQsqE555sIGBj68XAeg4wCb0uU9hrUuZzzasW7z26O5SuL0W2n2w0rcZ/MZs6bfS5naoCkH/zSa1ukjZhvP7QHkNko26u1k1UKEckZ8g6Mtt+0eP4lRJ7TpA0G5WewSckZg1pVhFEgf6M3LSr+t3vztJBEwzhy58StIvkJvBH1TfCTn9IGyjbUKko9U2YZ+15epb/6J2vqLFSEMlINxRhV/Pd9dqyODRmOSfsIIZOso4Y6DQjNbcF0CYWRmfMilMvFVPSqF38HBKtW+smMdh7e/UkKGT+jaJA6f4e28uFMAffyIVxKlYXpL44YcAhjaKTveKsGNXHv+NNQV+lm55p8HS37o9DhUC0kUqCuIG6p9IVurcKwqjo8wjgcTjKhmxLSUNgL4iNoV6oZRki9Kfqupg8xOwJazr/PrvP0O0p9GY+8hxK5BR8p/GBeL5EhvGrJDUrbg+OlAZnxSG2tGik/5HN86s0+KgDcqmBg2eNuy/2/oyOYF2OpIup2s25kPuC88ygmmcB6UrliFID6hoN9eOO/+27xBSl+1GqW3Xmcu0yFLUETNg1rBu/qXQ+jPZmkXZ1Pt1TydeA3fYcsfnPIZPxULeO0veteSMypacVawE8AmeTVazrHus+Io6PzE+RF5bwNfGkDqsBG6dadCzU9JsmQwIzaHhYMSx7yx+/R7zPgZDuyr+WrQd++83M1Brqf25UGrTzNczw7pnIH0pEj1ptRovPsowqvyEY5XydP4CRqAOjF7vuuKkMthSPeBcV26H1TczdZ7SKoprFAkzhmJcJmFmbGmOYmtumeoxg8qFpAN8S4Q5fbeRFykeeDLM4SwqaIC0w9QFWTSapSMRsN8x2VZlTKt5ed6DYic0rIuYnH+XaARi5Pex0UvSFLMQU6tp1MJVvkvEwG1QoVba/21nzJ8UlqeEnTc50nnU+LnipGAI15MrH+wM0L9+SLOYuLR8lCRri7u5+JcaUgWwui3E9TGeZGw+VXpasOsQPsdz39kaIidNSAOaWQx1zJ+9qPEXqTudYSBBsR0WwFMmuU81flflo63j93IAzL1j5wORMkrIjlIiICEZWHiG+KMh+XYZz4tyU63F6h/7F2wPybX7JJlxn/dneVEy9Nw9GkgcYwgcOgAwIBF6KBuwSBuGE9SMLyMPc/FurBpMUvbBsESJOs3Yzio6jhP8flw3MLhIGZl9AJZ7nghqukZ1rA6c/Jq8rbPO0VKuz+/Ujlv9j1RXcwJyhMUlKfPPj+xeVXP8tz0RVh0kXkHOaa9WMlxM3eBQjMNkaVhi7fCKV21facbt1/bXgUDHgEzvqiABUf+k56zllf2joVz1/nYKd7vDdkR0/20qfe3cmifh0GQBdave/hdXPCfqsY/eBCHPpBp1Cmwp4t+xs='
from squid (length: 1967).
2013/10/31 14:59:44| negotiate_wrapper: Decode
'YIIFvAYGKwYBBQUCoIIFsDCCBaygJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBYIEggV+YIIFegYJKoZIhvcSAQICAQBuggVpMIIFZaADAgEFoQMCAQ6iBwMFACAAAACjggSFYYIEgTCCBH2gAwIBBaEWGxRQUkVWSURPTS5QUkVWSU5FVC5JVKI1MDOgAwIBAqEsMCobBEhUVFAbInNydnNxdWlkcHJveHkucHJldmlkb20ucHJldmluZXQuaXSjggQlMIIEIaADAgEXoQMCAQSiggQTBIIED24e4jfaNzU02uwF2gkyHqaHgFt/BifkbI/kr8++dZLTVxVGVUE+LEuYV5wsjE5UIKtCRRBeKMtX9Qi15U+pSGQ6IHd23PeVFLixYPR/TVUQQT2nYdKQuSfRYwwVZuPKDFdg02vu7+DvNvs4psFXvp2XUwGT4scPFtESfkowhNPzPtJHLdpno6lUHUJhFYq0gMuVAlpVPENuPolCwknER/+QGmFUcPqVl7PUL749cOLi9Xuxf3mbZow6X5wznTnsgoLQsqE555sIGBj68XAeg4wCb0uU9hrUuZzzasW7z26O5SuL0W2n2w0rcZ/MZs6bfS5naoCkH/zSa1ukjZhvP7QHkNko26u1k1UKEckZ8g6Mtt+0eP4lRJ7TpA0G5WewSckZg1pVhFEgf6M3LSr+t3vztJBEwzhy58StIvkJvBH1TfCTn9IGyjbUKko9U2YZ+15epb/6J2vqLFSEMlINxRhV/Pd9dqyODRmOSfsIIZOso4Y6DQjNbcF0CYWRmfMilMvFVPSqF38HBKtW+smMdh7e/UkKGT+jaJA6f4e28uFMAffyIVxKlYXpL44YcAhjaKTveKsGNXHv+NNQV+lm55p8HS37o9DhUC0kUqCuIG6p9IVurcKwqjo8wjgcTjKhmxLSUNgL4iNoV6oZRki9Kfqupg8xOwJazr/PrvP0O0p9GY+8hxK5BR8p/GBeL5EhvGrJDUrbg+OlAZnxSG2tGik/5HN86s0+KgDcqmBg2eNuy/2/oyOYF2OpIup2s25kPuC88ygmmcB6UrliFID6hoN9eOO/+27xBSl+1GqW3Xmcu0yFLUETNg1rBu/qXQ+jPZmkXZ1Pt1TydeA3fYcsfnPIZPxULeO0veteSMypacVawE8AmeTVazrHus+Io6PzE+RF5bwNfGkDqsBG6dadCzU9JsmQwIzaHhYMSx7yx+/R7zPgZDuyr+WrQd++83M1Brqf25UGrTzNczw7pnIH0pEj1ptRovPsowqvyEY5XydP4CRqAOjF7vuuKkMthSPeBcV26H1TczdZ7SKoprFAkzhmJcJmFmbGmOYmtumeoxg8qFpAN8S4Q5fbeRFykeeDLM4SwqaIC0w9QFWTSapSMRsN8x2VZlTKt5ed6DYic0rIuYnH+XaARi5Pex0UvSFLMQU6tp1MJVvkvEwG1QoVba/21nzJ8UlqeEnTc50nnU+LnipGAI15MrH+wM0L9+SLOYuLR8lCRri7u5+JcaUgWwui3E9TGeZGw+VXpasOsQPsdz39kaIidNSAOaWQx1zJ+9qPEXqTudYSBBsR0WwFMmuU81flflo63j93IAzL1j5wORMkrIjlIiICEZWHiG+KMh+XYZz4tyU63F6h/7F2wPybX7JJlxn/dneVEy9Nw9GkgcYwgcOgAwIBF6KBuwSBuGE9SMLyMPc/FurBpMUvbBsESJOs3Yzio6jhP8flw3MLhIGZl9AJZ7nghqukZ1rA6c/Jq8rbPO0VKuz+/Ujlv9j1RXcwJyhMUlKfPPj+xeVXP8tz0RVh0kXkHOaa9WMlxM3eBQjMNkaVhi7fCKV21facbt1/bXgUDHgEzvqiABUf+k56zllf2joVz1/nYKd7vDdkR0/20qfe3cmifh0GQBdave/hdXPCfqsY/eBCHPpBp1Cmwp4t+xs='
(decoded length: 1472).
2013/10/31 14:59:44| negotiate_wrapper: received Kerberos token
2013/10/31 14:59:44| negotiate_wrapper: Return 'AF
oYGfMIGcoAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqADAgEXolsEWQhjw8BXtVTV3ZSHzJec1tJ7JeV72DZ2t59ZzCqYq2JQ86W+bTLnvA2+QbR3BR49UK4ozcfIbofsJjUqUaI3Z5ut8yK/0sXnUmwvTQWyxtilNoSExOKsMk8N
provaproxy_at_PREVIDOM.PREVINET.IT
'
kerberos_ldap_group.cc(437): pid=17903 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: Got User: provaproxy Domain: PREVIDOM.PREVINET.IT
support_member.cc(126): pid=17903 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: User provaproxy is not member of group_at_domain
Logmein_at_NULL
kerberos_ldap_group.cc(437): pid=17905 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: Got User: provaproxy Domain: PREVIDOM.PREVINET.IT
support_member.cc(126): pid=17905 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: User provaproxy is not member of group_at_domain
Teamviewer_at_NULL
kerberos_ldap_group.cc(437): pid=17907 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: Got User: provaproxy Domain: PREVIDOM.PREVINET.IT
support_member.cc(126): pid=17907 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: User provaproxy is not member of group_at_domain
Skypegrp_at_NULL
kerberos_ldap_group.cc(437): pid=17883 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: Got User: provaproxy Domain: PREVIDOM.PREVINET.IT
support_member.cc(126): pid=17883 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: User provaproxy is not member of group_at_domain
InternetFull_at_NULL
kerberos_ldap_group.cc(437): pid=17863 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: Got User: provaproxy Domain: PREVIDOM.PREVINET.IT
support_member.cc(119): pid=17863 :2013/10/31 14:59:44|
kerberos_ldap_group: INFO: User provaproxy is member of group_at_domain
InternetLimited_at_NULL

In my opinion it's a bit strange.

Thanks to Amos and to everyone those can help me!

>Uhm, I cannot understand. The user and computer that you found is the
>current logged in windows user . It's a local user. If I want to use the
>browser, a login box appear. So i try to insert the domain credential in
>the form domain\username and the password. After i click on the ok
>button, on the log i find that the user that squid are trying to
>authenticate is the local logged in user and not just the user which I
>inserted. Have you any idea of what's the cause of this behaviour?

>Thanks

Il 29/10/2013 22.44, Amos Jeffries ha scritto:
> On 30/10/2013 3:49 a.m., Matteo De Lazzari wrote:
>> Now I have squid Version 3.3.9, but the problem still persist. This
>> if from cache.log
>>
>> 2013/10/29 15:07:49| negotiate_wrapper: Got 'YR
>> TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid
>> (length: 59).
>> 2013/10/29 15:07:49| negotiate_wrapper: Decode
>> 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded
>> length: 40).
>> 2013/10/29 15:07:49| negotiate_wrapper: received type 1 NTLM token
>> 2013/10/29 15:07:49| negotiate_wrapper: Return 'TT
>> TlRMTVNTUAACAAAAEAAQADgAAAAFgomiMudf8qKFH9cAAAAAAAAAAKoAqgBIAAAABgEAAAAAAA9QAFIARQBWAEkARABPAE0AAgAQAFAAUgBFAFYASQBEAE8ATQABABoAUwBSAFYAUwBRAFUASQBEAFAAUgBPAFgAWQAEACgAcAByAGUAdgBpAGQAbwBtAC4AcAByAGUAdgBpAG4AZQB0AC4AaQB0AAMARABzAHIAdgBzAHEAdQBpAGQAcAByAG8AeAB5AC4AcAByAGUAdgBpAGQAbwBtAC4AcAByAGUAdgBpAG4AZQB0AC4AaQB0AAAAAAA=
>> '
>> 2013/10/29 15:07:49| negotiate_wrapper: Got 'KK
>> TlRMTVNTUAADAAAAGAAYAIYAAAAYABgAngAAABIAEgBIAAAAGgAaAFoAAAASABIAdAAAAAAAAAC2AAAABYKIogUBKAoAAAAPRABFAEYAQQBWAEUAUgBJAEwAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBEAEUARgBBAFYARQBSAEkATACBrzocRC8vigAAAAAAAAAAAAAAAAAAAABvHsRiK+DEPUVqWMDAk2PS8BDbT/X3mBg='
>> from squid (length: 247).
>> 2013/10/29 15:07:49| negotiate_wrapper: Decode
>> 'TlRMTVNTUAADAAAAGAAYAIYAAAAYABgAngAAABIAEgBIAAAAGgAaAFoAAAASABIAdAAAAAAAAAC2AAAABYKIogUBKAoAAAAPRABFAEYAQQBWAEUAUgBJAEwAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBEAEUARgBBAFYARQBSAEkATACBrzocRC8vigAAAAAAAAAAAAAAAAAAAABvHsRiK+DEPUVqWMDAk2PS8BDbT/X3mBg='
>> (decoded length: 182).
>> 2013/10/29 15:07:49| negotiate_wrapper: received type 216 NTLM token
>
> NTLM Type: 3
> Target Name: DEFAVERIL
> User Name: Administrator
> Workstation Name: DEFAVERIL
>
>> 2013/10/29 15:07:49| negotiate_wrapper: Return 'NA =
>> NT_STATUS_NO_SUCH_USER
>>
>
> This is not a parser problem This is actually a user credentials not
> existing problem. *NO SUCH USER*.
>
>
>> and again from command prompt all is good:
>>
>> /usr/bin/ntlm_auth --username=provaproxy --password=Pass1word
>> --domain=PREVIDOM
>> NT_STATUS_OK: Success (0x0)
>>
>
> You are testing with different credentials to the ones which are failing.
>
> Amos
Received on Thu Oct 31 2013 - 14:14:54 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 31 2013 - 12:00:08 MDT