Follow-up to yesterday's post about successes with XP and NTLM auth to
Squid. What I'm seeing is the client sending a RST packet to Squid in the
middle of the second phase of auth. The packet trace follows the normal
mechanics of NTLM authentication:
1. Client connects and requests page.
2. Squid responds with 407 Proxy-Authentication: NTLM
3. TCP session is torn down.
4. Client connects again with Proxy-Authorization: NTLM
5. Squid responds with 407 Proxy-Authenticate: NTLM
6. At this point the session breaks down. I get an ACK from the client for
the 407 packet. Then out of the blue the client sends a RST ending the
session.
We have opened a case with M$ with the packet traces. Has anyone seen this
behavior before? Our configuration:
Squid Cache: Version 2.5.STABLE3
configure options: --prefix=/software/squid
--enable-auth=basic,ntlm,digest --enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,ufs --enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,MSNT,winbind,multi-domain-NTLM
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ldap_group,unix_group,winbind_group
--with-winbind --with-winbind-auth-challenge
--with-samba-sources=/usr/src/redhat/BUILD/samba-2.2.7
This is RedHat Enterprise edition.
Again, the XP client has a bit flipped that says it will only support NTLM.
It behaves as expected with the bit flip for LM & NTLM.
Jayme Frye
Received on Tue Jul 15 2003 - 16:01:36 MDT
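
When reading a trace like the one described in this post, it helps to decode the NTLM token in each Proxy-Authenticate and Proxy-Authorization header, to see which handshake message it is and which negotiate flags it carries. The following is an added example, not part of the original post or of Squid; the function name and the sample messages are constructed for illustration.

```python
import base64
import struct

# Subset of NTLMSSP negotiate flag bits (values from the NTLM specification).
FLAG_NAMES = {
    0x00000001: "UNICODE", 0x00000002: "OEM", 0x00000004: "REQUEST_TARGET",
    0x00000080: "LM_KEY", 0x00000200: "NTLM", 0x00008000: "ALWAYS_SIGN",
    0x00080000: "EXTENDED_SESSIONSECURITY",
}
# Byte offset of the 32-bit flags field in each NTLMSSP message type.
FLAGS_OFFSET = {1: 12, 2: 20, 3: 60}


def decode_ntlm_header(value):
    """Decode the value of a Proxy-Authenticate or Proxy-Authorization header."""
    scheme, _, blob = value.strip().partition(" ")
    blob = blob.strip()
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header value")
    if not blob:
        # Bare "NTLM": the proxy is only offering the scheme (first 407).
        return {"type": 0, "flags": [], "challenge": None}
    raw = base64.b64decode(blob, validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    mtype = struct.unpack_from("<I", raw, 8)[0]
    if mtype not in FLAGS_OFFSET:
        raise ValueError("unknown NTLMSSP message type %d" % mtype)
    flags = []
    off = FLAGS_OFFSET[mtype]
    if len(raw) >= off + 4:  # some Type 3 messages omit the flags field
        bits = struct.unpack_from("<I", raw, off)[0]
        flags = [name for bit, name in sorted(FLAG_NAMES.items()) if bits & bit]
    # Only the Type 2 message carries the 8-byte server challenge.
    challenge = raw[24:32].hex() if mtype == 2 and len(raw) >= 32 else None
    return {"type": mtype, "flags": flags, "challenge": challenge}


def _message(mtype, body):
    # Constructed sample data, not taken from the poster's trace.
    return "NTLM " + base64.b64encode(
        b"NTLMSSP\x00" + struct.pack("<I", mtype) + body).decode("ascii")


SAMPLE_TYPE1 = _message(1, struct.pack("<I", 0x00008207) + bytes(16))
SAMPLE_TYPE2 = _message(2, bytes(8) + struct.pack("<I", 0x00008201)
                        + bytes.fromhex("0123456789abcdef") + bytes(8))

if __name__ == "__main__":
    for hdr in ("NTLM", SAMPLE_TYPE1, SAMPLE_TYPE2):
        print(decode_ntlm_header(hdr))
```

In a complete handshake a Type 3 message from the client follows the Type 2 challenge on the same TCP connection, so the last decoded message type before a reset shows how far the exchange got.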