RE: [squid-users] NTLM authentication in 2.5PRE5 from Van Bossche Koen on 2002-03-29 (squid-users)

From: Van Bossche Koen <Koen.VanBossche@dont-contact.us>
Date: Fri, 29 Mar 2002 15:20:30 +0100

Hi Vladimir,

You should not use the -d, this is for debugging and can only be used from
the command line.
Use it plain :
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth IMI/IMIMAIL
or
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -b IMI/IMIMAIL
IMI/your_BDC

Hope this helps!

regrds,
./koen

-----Original Message-----
From: Vladimir Yumashev [mailto:vlad@imimail.ssau.ru]
Sent: 29 March 2002 14:22
To: squid-users@squid-cache.org
Subject: [squid-users] NTLM authentication in 2.5PRE5

I've installed and configured squid-2.5pre5 with NTLM authentication.
The line in the squid.conf:

----
    auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -d
IMI/IMIMAIL
----
But I'm getting the "Access denied" error while trying ot reach any site.
cache.log file contains strings:
----
ntlm-auth[19723](ntlm_auth.c:277): managing request
ntlm-auth[19723](ntlm_auth.c:283): ntlm authenticator. Got 'YR' from Squid
ntlm-auth[19723](ntlm_auth.c:232): obtain_challenge: selecting IMI\IMIMAIL
(attempt #1)
ntlm-auth[19723](ntlm_auth.c:244): attempting challenge retrieval
ntlm-auth[19723](libntlmssp.c:119): Connecting to server IMIMAIL domain IMI
ntlm-auth[19723](ntlm_auth.c:246): make_challenge retuned 0x8059f60
ntlm-auth[19723](ntlm_auth.c:248): Got it
ntlm-auth[19723](ntlm_auth.c:430): sending 'TT
TlRMTVNTUAACAAAAAwADACgAAACCgkEACgkZSmXDTX0AAAAAAAAAAElNSQ==' to squid
ntlm-auth[19723](ntlm_auth.c:277): managing request
ntlm-auth[19723](ntlm_auth.c:283): ntlm authenticator. Got 'KK
TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAMAAwBAAAAABAAEAEMAAAAIAAgARwAAAAAAAAB/
AAAABoIAAElNSVZMQURWTEFESU1JUkxKrkWfni/DeJPNb3zi9/kkhRsXjfnEk8Ibv6I4B5OMX29u
LuWIJY94P6z5vMwyYQ==' from Squid
ntlm-auth[19723](libntlmssp.c:247): Empty LM pass detection: user: 'VLAD',
ours:'...<some stuff>...', his: '...<another stuff>'(length: 24)
ntlm-auth[19723](libntlmssp.c:259): Empty NT pass detection: user: 'VLAD',
ours:'...<some stuff>...', his: '...<another stuff>...'(length: 24)
ntlm-auth[19723](libntlmssp.c:273): checking domain: 'IMI', user: 'VLAD',
pass='...<some stuff here>...'
ntlm-auth[19723](libntlmssp.c:276): Login attempt had result 0
ntlm-auth[19723](libntlmssp.c:284): credentials: IMI\VLAD
ntlm-auth[19723](ntlm_auth.c:411): sending 'AF imi\vlad' to squid
----
But the domain controller says that user 'vlad' did a successfull network
logon from the squid-machine:
----
Successful Network Logon:
  User Name: VLAD
  Domain:  IMI
  Logon ID:  (0x0,0x7CBDBE)
  Logon Type: 3
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Workstation Name: \\UNIX2
----
Where is the problem?
WBR, Vladimir

Received on Fri Mar 29 2002 - 07:21:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:12 MST