[Samba] squid ntlm_auth not working on versions above 3.0.26

Juan Miguel Corral cde_ruylopez at yahoo.es
Fri Oct 3 13:34:04 GMT 2008 

Hello. I am using squid with ntlm authentication against a samba PDC. It has worked for me perfectly in debian etch with samba version 3.0.24, and ubuntu Gutsy with samba 3.0.26a.

But when I have upgraded those servers to hardy (samba 3.0.28a) and lenny (3.2.3), thn sqwuid auth has stopped working, without any other config change.

Squid version I am using is 2.6-STABLE17, and . I am using the ntlm_auth helper that comes with squid. I think maybe the one that comes with samba would work better, but the problem is that it requires winbind, and since I am running sqquid in the same box as the PDC, I don't know if winbind would work.

This is the relevant section of my squid.conf file:

# ntlm authentication
auth_param ntlm program /usr/lib/squid/ntlm_auth -d cfs/sanmiguel
auth_param ntlm children 5

This the error log from cache.log:

ntlm_auth[6525](ntlm_auth.c:284): managing request
ntlm_auth[6525](ntlm_auth.c:290): ntlm authenticator. Got 'YR TlRMTVNTUAABAAAAB7IIogMAAwAzAAAACwALACgAAAAFASgKAAAAD1NBTkpVQU4tV0lOQ0ZT' from Squid
ntlm_auth[6525](ntlm_auth.c:239): obtain_challenge: selecting CFS\SANMIGUEL (attempt #1)
ntlm_auth[6525](ntlm_auth.c:251): attempting challenge retrieval
ntlm_auth[6525](libntlmssp.c:119): Connecting to server SANMIGUEL domain CFS
ntlm_auth[6525](ntlm_auth.c:253): make_challenge retuned 0x8053640
ntlm_auth[6525](ntlm_auth.c:255): Got it
ntlm_auth[6525](ntlm_auth.c:437): sending 'TT TlRMTVNTUAACAAAAAwADACgAAACCgkEANvB2+cNQb/IAAAAAAAAAAENGUw==' to squid
ntlm_auth[6525](ntlm_auth.c:284): managing request
ntlm_auth[6525](ntlm_auth.c:290): ntlm authenticator. Got 'KK TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAMAAwBIAAAACAAIAEsAAAALAAsAUwAAAAAAAACOAAAABoIAAgUBKAoAAAAPQ0ZTSk1DT1JSQUxTQU5KVUFOLVdJTokKMOkDJf4n5BNKsTrIbb66D8u2KMoPtfikZvEncvDGXbVDxik4H698mycLU0Jtzj==' from Squid
ntlm_auth[6525](libntlmssp.c:268): Empty LM pass detection: user: 'JMCORRAL', ours:'�r
��"M'G�� �p��е=�S$��+u׹��w�ߛhh�]�S1���Request completed sucessfully.', his: '�
0�%�'�J�:�m��˶(���f�'r��]�C�)8�|�'
                                     SBm�0'(length: 24)
ntlm_auth[6525](libntlmssp.c:280): Empty NT pass detection: user: 'JMCORRAL', ours:'��+u׹��w�ߛhh�]�S1���Request completed sucessfully.', his: '��f�'r��]�C�)8�|�'
  SBm�0'(length: 24)
ntlm_auth[6525](libntlmssp.c:294): checking domain: 'CFS', user: 'JMCORRAL', pass='�
0�%�'�J�:�m��˶(�'
ntlm_auth[6525](libntlmssp.c:297): Login attempt had result -1
ntlm_auth[6525](ntlm_auth.c:350): No creds. SMBlib error 1, SMB error class 1, SMB error code 5, NB error 0
ntlm_auth[6525](ntlm_auth.c:371): DOS error
ntlm_auth[6525](ntlm_auth.c:376): sending 'NA Access denied' to squid


Any help would be much appreciated. Thank you very much.
Juan.

More information about the samba mailing list