[squid-users] Squid 2.5 & NTLM from Mike Diggins on 2002-06-04 (squid-users)

From: Mike Diggins <diggins@dont-contact.us>
Date: Tue, 4 Jun 2002 11:17:06 -0400 (EDT)

Hello,

It's my first time attempting the NTLM authentication in Squid 2.5 and am
running into trouble making it work.

I think this means the authenticator itself is okay?

diggins@percy<~squid/libexec># ./ntlm_auth -d AP1/AS7
ntlm-auth[10660](ntlm_auth.c:180): Adding domain-controller AP1/AS7
ntlm-auth[10660](ntlm_auth.c:453): options processed OK
YR
ntlm-auth[10660](ntlm_auth.c:277): managing request
ntlm-auth[10660](ntlm_auth.c:283): ntlm authenticator. Got 'YR' from Squid
ntlm-auth[10660](ntlm_auth.c:232): obtain_challenge: selecting AP1\AS7
(attempt #1)
ntlm-auth[10660](ntlm_auth.c:244): attempting challenge retrieval
ntlm-auth[10660](libntlmssp.c:119): Connecting to server AS7 domain AP1
ntlm-auth[10660](ntlm_auth.c:246): make_challenge retuned 366a0
ntlm-auth[10660](ntlm_auth.c:248): Got it
ntlm-auth[10660](ntlm_auth.c:430): sending 'TT
TlRMTVNTUAACAAAAAAMAAwAAACiCgkEA/IV6xiZuVzkAAAAAAAAAAEFQMQ==' to squid
TT TlRMTVNTUAACAAAAAAMAAwAAACiCgkEA/IV6xiZuVzkAAAAAAAAAAEFQMQ==

My cache.log shows the following information regarding helper apps when I
first start up (no apparent errors).

2002/06/04 10:40:29| helperStatefulOpenServers: Starting 5 'ntlm_auth'
processes
2002/06/04 10:40:29| helperOpenServers: Starting 5 'msnt_auth' processes

When I use Netscape the basic helper (MSNT) works correctly. However, when
I run IE 6.0 while logged into the same domain I get "Page can not be
displayed" and the following in access.log

1023203071.457 3 130.113.220.121 TCP_DENIED/407 1401 GET
http://www.cnn.com/ - NONE/- text/html
1023203071.476 12 130.113.220.121 TCP_DENIED/407 1401 GET
http://www.cnn.com/ - NONE/- text/html

My squid.conf configuration

auth_param ntlm program /usr/local/squid/libexec/ntlm_auth AP1/AS7
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/libexec/msnt_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl domainusers proxy_auth REQUIRED
http_access allow domainusers

Any help would be appreciated.

-Mike
Received on Tue Jun 04 2002 - 09:17:16 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:26 MST