Re: [squid-users] Windows 7 beta and NTLM

The problem is the autentificación NTLM of Windows7. It is necessary to
create the following key in the registry to solve it (I'm using Squid
Version 3.0.STABLE8 in Debian Lenny):

1. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
If it doesn’t exist, create a DWORD value named LmCompatibilityLevel and set
the value to 1 to use LM NTLM and NTLMv2 if is negociated, this is
Also it works establishing the value to 0, and 3 though for more safety the
value using 3 though with old operating systems it will not work on having
used obligatorily NTLMv2.

2. Reboot

To follow the link for more information:
http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch(en-us).aspx

Tim.Towers wrote:
>
> We use NTLM authentication, but the new windows 7 beta (yes, its beta
> but its nice to know of potential issues before they get widely
> released) seems to be having trouble authenticating.
>
> A standard authentication from XP provides the following in
> /var/log/squid/cache.log:
>
> Got user=[912058] domain=[UK] workstation=[LONW037057] len1=24 len2=24
>
> An authentication from Windows 7 beta is shown below:
>
> Got user=[009340] domain=[UK] workstation=[LONW032292] len1=24
> len2=332
> Login for user [UK]\[009340]@[LONW032292] failed due to [Invalid
> parameter]
>
> I see the different "len2" information at the end, so I assume MS has
> extended something.
>
> The packages we are running are squid-2.6.STABLE20-1.el5 and
> samba-common-3.0.28-1.el5_2.1.
>
> I am curious whether a package upgrade will fix the problem, if this
> windows 7 thingy has introduced an incompatibility that we expect MS to
> fix with their next release or if this is a valid request that uses a
> hitherto unused part of the protocol and therefore we should allow for
> it.
>
> Tim Towers
> Senior Security Analyst
> Global Network Services
> CLIFFORD CHANCE LLP
> 10 Upper Bank Street
> London E14 5JJ
> *:Direct Dial +44 (0)20 7006 5645
> *:Mobile +44 (0)794 9244498
> *:Switchboard +44 (0)20 7006 1000
> *:Email tim.towers_at_cliffordchance.com
> This message and any attachment are confidential and may be privileged or
> otherwise protected from disclosure.
> If you are not the intended recipient, please telephone or email the
> sender and delete this message and any
> attachment from your system. If you are not the intended recipient you
> must not copy this message or attachment
> or disclose the contents to any other person.
>
> Clifford Chance LLP is a limited liability partnership registered in
> England & Wales under number OC323571.
> The firm's registered office and principal place of business is at 10
> Upper Bank Street, London, E14 5JJ.
> For further details, including a list of members and their professional
> qualifications, see our website
> at www.cliffordchance.com. The firm uses the word 'partner' to refer to a
> member of Clifford Chance LLP or
> an employee or consultant with equivalent standing and qualifications. The
> firm is regulated by the Solicitors Regulation Authority. The Authority's
> rules can be accessed by clicking on the following link:
> http://www.sra.org.uk/code-of-conduct.page
>
> Clifford Chance as a global firm regularly shares client and/or
> matter-related data among its different
> offices and support entities in strict compliance with internal control
> policies and statutory requirements.
> Incoming and outgoing email communications may be monitored by Clifford
> Chance, as permitted by applicable law and regulations.
>
> For further information about Clifford Chance please see our website at
> http://www.cliffordchance.com or refer
> to any Clifford Chance office.
>
>
>
>

-- 
View this message in context: http://www.nabble.com/Windows-7-beta-and-NTLM-tp21377271p23424106.html
Sent from the Squid - Users mailing list archive at Nabble.com.