[squid-users] Squid 2.5.STABLE1 and NTLM auth

From: Bernd Bartmann <Bernd.Bartmann@dont-contact.us>
Date: Wed, 04 Feb 2004 12:56:31 +0100

Hi all,

I'm having problems getting Squid and NTLM auth running. My servers run
Red Hat Linux 9, squid-2.5.STABLE1 and samba-2.2.7a. I use the RPMs
provided by Red Hat, but I had to patch the squid RPM to include
--enable-auth=basic,ntlm in the configure line.

My smb.conf looks like this:

[global]
   password server = *
   security = domain
   workgroup = testdomain
   winbind separator = @
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   interfaces = 192.168.115.1/24
   encrypt passwords = yes

The system successfully joined the NT domain; wbinfo -t says
"Secret is good" and wbinfo -u lists the users on the NT server.

In squid.conf I added these lines:
auth_param ntlm program /usr/lib/squid/ntlm_auth -d testdomain/nt4-srv
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow AuthorizedUsers

Now when a user who is authenticated in the NT domain tries to use the
proxy with IE, I get these messages in cache.log and IE seems to hang:

ntlm-auth[19490](ntlm_auth.c:239): obtain_challenge: selecting TESTDOMAIN\NT4-SRV (attempt #1)
ntlm-auth[19490](ntlm_auth.c:243): Reviving DC
ntlm-auth[19490](ntlm_auth.c:251): attempting challenge retrieval
ntlm-auth[19490](libntlmssp.c:119): Connecting to server NT4-SRV domain TESTDOMAIN
ntlm-auth[19490](libntlmssp.c:126): Couldn't connect to SMB Server. Error:The attempt to call the remote server failed. See protocol error info.
   RFCNBE_BadName: NetBIOS name could not be translated to IP address.
ntlm-auth[19490](ntlm_auth.c:253): make_challenge retuned (nil)
ntlm-auth[19490](ntlm_auth.c:259): Marking DC as DEAD
ntlm-auth[19490](ntlm_auth.c:262): moving on to next controller

nmblookup resolves the IP of NT4-SRV without any problem. Does anybody
have an idea how to fix this problem?

Best regards.

--
Dipl.-Ing. (FH) Bernd Bartmann <Bernd.Bartmann@sohanet.de>
I.S. Security and Network Engineer
SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin
Fon: +49 30 214783-44 / Fax: +49 30 214783-46

Received on Wed Feb 04 2004 - 04:55:56 MST
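
Added example, not part of the original post or of Squid's own code: a small Python triage script that parses the ntlm-auth helper debug lines quoted above and reports, per helper process, which domain controller was selected, whether it was marked DEAD, and which RFCNB error code accompanied the failure. The function names are hypothetical, and attributing an unprefixed continuation line to the most recently seen helper PID is an assumption.

```python
import re

# Helper debug lines copied from the post above, with wrapped lines rejoined.
SAMPLE_LOG = r"""ntlm-auth[19490](ntlm_auth.c:239): obtain_challenge: selecting TESTDOMAIN\NT4-SRV (attempt #1)
ntlm-auth[19490](ntlm_auth.c:243): Reviving DC
ntlm-auth[19490](ntlm_auth.c:251): attempting challenge retrieval
ntlm-auth[19490](libntlmssp.c:119): Connecting to server NT4-SRV domain TESTDOMAIN
ntlm-auth[19490](libntlmssp.c:126): Couldn't connect to SMB Server. Error:The attempt to call the remote server failed. See protocol error info.
   RFCNBE_BadName: NetBIOS name could not be translated to IP address.
ntlm-auth[19490](ntlm_auth.c:253): make_challenge retuned (nil)
ntlm-auth[19490](ntlm_auth.c:259): Marking DC as DEAD
ntlm-auth[19490](ntlm_auth.c:262): moving on to next controller
"""

HELPER = re.compile(r"^ntlm-auth\[(\d+)\]\([\w.]+:\d+\): (.*)$")
SELECT = re.compile(r"selecting (\S+)\\(\S+) \(attempt #(\d+)\)")
# Continuation line carrying the RFCNB error code; it has no helper prefix.
RFCNB = re.compile(r"^[~\s]*(RFCNBE_\w+):")


def summarize(log_text):
    """Return one record per DC selection attempt found in the log text."""
    attempts, current, last_pid = [], {}, None
    for line in log_text.splitlines():
        m = HELPER.match(line)
        if m:
            pid, msg = int(m.group(1)), m.group(2)
            last_pid = pid
            sel = SELECT.search(msg)
            if sel:
                rec = {"pid": pid, "domain": sel.group(1), "dc": sel.group(2),
                       "attempt": int(sel.group(3)), "dead": False, "errors": []}
                current[pid] = rec
                attempts.append(rec)
            elif pid in current and "Marking DC as DEAD" in msg:
                current[pid]["dead"] = True
            continue
        code = RFCNB.match(line)
        # Assumption: an unprefixed line belongs to the last helper PID seen.
        if code and last_pid in current:
            current[last_pid]["errors"].append(code.group(1))
    return attempts


def dead_controllers(attempts):
    """Set of (domain, dc) pairs that some helper marked DEAD."""
    return {(a["domain"], a["dc"]) for a in attempts if a["dead"]}


if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        print(a)
```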
