[squid-users] ntlm_auth + samba 3.0.14a problem

From: pt <[email protected]>
Date: Mon, 18 Apr 2005 17:00:38 +0200

Hi everybody!

I have the same problem that duranm@dont-contact.us posted about a while ago:

In short, I configured squid 2.5.STABLE5 compiled with the following options:

--enable-ntlm-auth-helpers=winbind,SMB --enable-external-acl-helpers=unix_group,wbinfo_group --enable-auth=ntlm,basic --with-winbind-auth-challenge --enable-basic-auth-helpers=winbind

to use ntlm authentication over my win2000Server domain:

auth_param ntlm program /usr/bin/ntlm_auth -d 10 --helper-protocol=squid-2.5-ntlmssp --nt-response
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

acl password proxy_auth REQUIRED

http_access allow password
http_access deny all

cache_effective_user squid
cache_effective_group squid

I also recompiled samba-3.0.14b with --with-winbind and checked the winbind_privileged pipe but it still doesn't work!

When I open IE 6.0SP2 it keeps saying: "unable to load page"

My access.log reports TCP_DENIED but cache.log reports the following:

2005/04/18 16:41:13| DNS Socket created at 0.0.0.0, port 33107, FD 6
2005/04/18 16:41:13| Adding nameserver 127.0.0.1 from squid.conf
2005/04/18 16:41:13| helperStatefulOpenServers: Starting 1 'ntlm_auth' processes
2005/04/18 16:41:15| Accepting HTTP connections at 0.0.0.0, port 3128, FD 7.
2005/04/18 16:41:15| Accepting ICP messages at 0.0.0.0, port 3130, FD 9.
2005/04/18 16:41:15| WCCP Disabled.
2005/04/18 16:41:15| Loaded Icons.
2005/04/18 16:41:15| Ready to serve requests.
[2005/04/18 16:41:15, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2005/04/18 16:41:33, 10] utils/ntlm_auth.c:manage_squid_request(1609)
  Got 'YR TlRMTVNTUAABAAAAB7IIog8ADwAuAAAABgAGACgAAAAFASgKAAAAD0lCTS0wMkNEQy1UT1JSRVNDQUxMQQ==' from squid (length: 87).
[2005/04/18 16:41:33, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(587)
  got NTLMSSP packet:
[2005/04/18 16:41:33, 10] lib/util.c:dump_data(1995)
  [000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 B2 08 A2 NTLMSSP. ........
  [010] 0F 00 0F 00 2E 00 00 00 06 00 06 00 28 00 00 00 ........ ....(...
  [020] 05 01 28 0A 00 00 00 0F 49 42 4D 2D 30 32 43 44 ..(..... IBM-02CD
  [030] 43 2D 54 4F 52 52 45 53 43 41 4C 4C 41 C-TORRES CALLA
[2005/04/18 16:41:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xa208b207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
    NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
[2005/04/18 16:41:33, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(597)
  NTLMSSP challenge

The weird thing is it doesn't say either NT_FAILURE or NT_SUCCED but actually stops before the first request has completed!

Please help!

Mario
Received on Mon Apr 18 2005 - 09:00:40 MDT
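
As an added example (not part of the original post, and not Samba or Squid code), this Python decodes the `YR` helper line from the cache.log excerpt above and recovers the negotiate flags that ntlm_auth printed, plus the workstation and domain names visible in the hex dump. The function names are hypothetical, and ASCII is assumed for the OEM-encoded names.

```python
import base64
import struct

# Helper line copied from the cache.log excerpt in the post (split for width).
SAMPLE = ("YR TlRMTVNTUAABAAAAB7IIog8ADwAuAAAABgAGACgAAAAFASgKAAAAD0lC"
          "TS0wMkNEQy1UT1JSRVNDQUxMQQ==")

# Bit values for the flag names that ntlm_auth printed in the post.
FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00001000: "NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED",
    0x00002000: "NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
}

def _field(msg, pos):
    """Read a (len, maxlen, offset) security buffer and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_helper_line(line):
    """Parse a 'YR <base64>' line carrying an NTLMSSP type 1 message."""
    verb, _, blob = line.strip().partition(" ")
    if verb != "YR":
        raise ValueError("not a YR request")
    msg = base64.b64decode(blob, validate=True)
    # Narrowed to type 1 messages that carry both security buffers (32-byte header).
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message with domain/workstation fields")
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError("expected message type 1 (negotiate)")
    return {
        "flags": flags,
        "flag_names": [name for bit, name in FLAGS.items() if flags & bit],
        # Bits set in the message that the table above does not name.
        "unnamed_bits": flags & ~sum(FLAGS),
        "domain": _field(msg, 16).decode("ascii"),       # assumption: ASCII
        "workstation": _field(msg, 24).decode("ascii"),  # assumption: ASCII
    }

if __name__ == "__main__":
    for key, value in parse_helper_line(SAMPLE).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

The two bits left in `unnamed_bits` are set in the client's message but do not appear in the flag list that ntlm_auth logged.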
