Re: [squid-users] NTLM authentication in 2.5PRE5

From: Jigar Rasalawala <jrasalawala@dont-contact.us>
Date: Fri, 29 Mar 2002 08:48:34 -0800

hi, vald

I just configured my NTLM authentication y'day after long time struggle.
It works for me. I compared yr log messages from cache.log file with mine.
It looks perfect.

What I am suspecting here, check your other ACL in squid.conf file.
NTLM works, but because of other ACL filter ( like ip-address, subnet mask
filter, name base filter..etc) you are getting access
denied, not because of NTLM.

Thanks
Jigar
----- Original Message -----
From: "Vladimir Yumashev" <vlad@imimail.ssau.ru>
To: <squid-users@squid-cache.org>
Sent: Friday, March 29, 2002 6:43 AM
Subject: Re: [squid-users] NTLM authentication in 2.5PRE5

> Oops, it doesn't help. What else should I check.
>
>
> > Hi Vladimir,
> >
> > You should not use the -d, this is for debugging and can only be used
from
> > the command line.
> > Use it plain :
> > auth_param ntlm program /usr/local/squid/libexec/ntlm_auth IMI/IMIMAIL
> > or
> > auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -b
IMI/IMIMAIL
> > IMI/your_BDC
> >
> > -----Original Message-----
> > From: Vladimir Yumashev [mailto:vlad@imimail.ssau.ru]
> > Sent: 29 March 2002 14:22
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] NTLM authentication in 2.5PRE5
> >
> >
> > I've installed and configured squid-2.5pre5 with NTLM authentication.
> > The line in the squid.conf:
> > ----
> > auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -d
> > IMI/IMIMAIL
> > ----
> >
> > But I'm getting the "Access denied" error while trying ot reach any
site.
> >
> > cache.log file contains strings:
> > ----
> > ntlm-auth[19723](ntlm_auth.c:277): managing request
> > ntlm-auth[19723](ntlm_auth.c:283): ntlm authenticator. Got 'YR' from
Squid
> > ntlm-auth[19723](ntlm_auth.c:232): obtain_challenge: selecting
IMI\IMIMAIL
> > (attempt #1)
> > ntlm-auth[19723](ntlm_auth.c:244): attempting challenge retrieval
> > ntlm-auth[19723](libntlmssp.c:119): Connecting to server IMIMAIL domain
> IMI
> > ntlm-auth[19723](ntlm_auth.c:246): make_challenge retuned 0x8059f60
> > ntlm-auth[19723](ntlm_auth.c:248): Got it
> > ntlm-auth[19723](ntlm_auth.c:430): sending 'TT
> > TlRMTVNTUAACAAAAAwADACgAAACCgkEACgkZSmXDTX0AAAAAAAAAAElNSQ==' to squid
> > ntlm-auth[19723](ntlm_auth.c:277): managing request
> > ntlm-auth[19723](ntlm_auth.c:283): ntlm authenticator. Got 'KK
> >
>
TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAMAAwBAAAAABAAEAEMAAAAIAAgARwAAAAAAAAB/
> >
>
AAAABoIAAElNSVZMQURWTEFESU1JUkxKrkWfni/DeJPNb3zi9/kkhRsXjfnEk8Ibv6I4B5OMX29u
> > LuWIJY94P6z5vMwyYQ==' from Squid
> > ntlm-auth[19723](libntlmssp.c:247): Empty LM pass detection: user:
'VLAD',
> > ours:'...<some stuff>...', his: '...<another stuff>'(length: 24)
> > ntlm-auth[19723](libntlmssp.c:259): Empty NT pass detection: user:
'VLAD',
> > ours:'...<some stuff>...', his: '...<another stuff>...'(length: 24)
> > ntlm-auth[19723](libntlmssp.c:273): checking domain: 'IMI', user:
'VLAD',
> > pass='...<some stuff here>...'
> > ntlm-auth[19723](libntlmssp.c:276): Login attempt had result 0
> > ntlm-auth[19723](libntlmssp.c:284): credentials: IMI\VLAD
> > ntlm-auth[19723](ntlm_auth.c:411): sending 'AF imi\vlad' to squid
> > ----
> >
> > But the domain controller says that user 'vlad' did a successfull
network
> > logon from the squid-machine:
> > ----
> > Successful Network Logon:
> > User Name: VLAD
> > Domain: IMI
> > Logon ID: (0x0,0x7CBDBE)
> > Logon Type: 3
> > Logon Process: NtLmSsp
> > Authentication Package: NTLM
> > Workstation Name: \\UNIX2
> > ----
> >
> > Where is the problem?
> >
> > WBR, Vladimir
> >
> >
> >
> >
> >
>
>
>
>
Received on Fri Mar 29 2002 - 09:47:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:12 MST