[Samba] [Fwd: [squid-users] NTLM Authentication Problem]

Jim Richey jrichey at highmark.com
Thu Oct 30 19:36:08 GMT 2003 

Looks better. But the helper dies and crashes Squid. Looks like it can't 
find /usr/local/samba/lib/POSIX.msg. Is there a Samba configure option 
to make this file?

[2003/10/30 14:28:18, 10] utils/ntlm_auth.c:manage_squid_request(1061)
  Got 'YR 
TlRMTVNTUAABAAAAB7IAoAgACAAmAAAABgAGACAAAABSSUNIRVlISUdITUFSS2==' from 
squid (length: 67).
[2003/10/30 14:28:18, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
  got NTLMSSP packet:
[2003/10/30 14:28:18, 10] lib/util.c:dump_data(1825)
  [000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 07 B2 00 A0  NTLMSSP. ........
  [010] 08 00 08 00 26 00 00 00  06 00 06 00 20 00 00 00  ....&... .... ...
  [020] 52 49 43 48 45 59 48 49  47 48 4D 41 52 4B 60     RICHEYHI GHMARK`
[2003/10/30 14:28:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
  Got NTLMSSP neg_flags=0xa000b207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
    NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_128
[2003/10/30 14:28:18, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/local/samba/lib/POSIX.msg: No such file or 
directoryNTLMSSP NT_STATUS_INVALID_PARAMETER
2003/10/30 14:28:18| Attempt to lower Auth User request 0x8530620 
refcount below 0!
[2003/10/30 14:28:18, 1] utils/ntlm_auth.c:manage_squid_request(1042)
  fgets() failed! dying..... errno=0 (Success)
[2003/10/30 14:28:18, 1] utils/ntlm_auth.c:manage_squid_request(1042)
  fgets() failed! dying..... errno=0 (Success)
2003/10/30 14:28:21| Starting Squid Cache version 3.0-PRE3-20031030 for 
i686-pc-linux-gnu...


Andrew Bartlett wrote:

>On Thu, 2003-10-30 at 05:53, rruegner wrote:
>  
>
>>Hi,
>>i tried this too with samba 3 and squid  2.5STABLE4  and i cant get it to
>>work too.
>>    
>>
>
>  
>
>>>I'm having a problem getting NTLM authentication working between Squid
>>>2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read
>>>      
>>>
>>the
>>    
>>
>>>archives, faq, how-to, walk-thru, etc, and believe I have everthing
>>>correctly configured. I'm using the helper that is part of  Samba 3.0,
>>>not the Squid helper. Basic authentication works fine with the helper,
>>>but I cannot get ntlmssp working.
>>>      
>>>
>
>  
>
>>>I can also authenticate successfully with the helper from the command
>>>      
>>>
>>line:
>>    
>>
>>>#ntlm_auth --username testuser --password testpass
>>>NT_STATUS_OK: Success (0x0)
>>>
>>>However, when I try to use ntlm authentication from a browser I get this
>>>in cache.log:
>>>[2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061)
>>> Got 'YR' from squid (length: 2).
>>>[2003/10/28 10:43:41, 10]
>>>utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
>>> got NTLMSSP packet:
>>>[2003/10/28 10:43:41, 10]
>>>utils/ntlm_auth.c:manage_squid_ntlmssp_request(322)
>>> NTLMSSP challenge
>>>
>>>IE 6.0 SP1 get's a The page Cannot be displayed error. Mozilla 1.5 gives
>>>      
>>>
>>the login popup,
>>    
>>
>>>but after entering user id and password returns the Cache Access Denied
>>>      
>>>
>>page.
>>    
>>
>
>What are the clients in these cases?  (Win9X is known to have problem)
>
>Can you try Squid 3.0, applying this patch (not my patch, thank kinkie
>from the squid team for it), and set 
>
>ntlmv2 on
>
>in your squid.conf?
>
>I think the problem might be that the client is setting something
>'interesting' in their NTLMSSP negotiate packet, but that without this
>patch, we are prevented from seeing it.
>
>(The patch might apply the squid 2.5, if you rename the .cc to .c).
>
>Andrew Bartlett
>
>  
>

More information about the samba mailing list