[squid-users] Fwd: NTLM auth fails, Authentication pop-up keeps showing up but also fails

From: Mike <miguelmclara_at_gmail.com>
Date: Sun, 15 Jul 2012 10:13:14 +0100

Hi all,

Has the subject says, I'm having problems with NTLM in *some* users.

At first I tough this was related to a problem in some Windows 7 Laptops
that don't have the reg key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - DWORD
LmCompatibilityLevel -> set to 1 to use LM NTLM and NTLMv2.

The key was missing in the 2 laptops giving me the problem, but adding
it and rebooting didn't solve the problem

In general all works, most users don't complain, and indeed the ones with the problem were missing this key in the registry.
When the user opens IE/site (ntlm auth) I see this on cache.log:

NTLMSSP challenge
2012/07/13 11:23:11.043| ConnStateData::swanSong: FD 33
Got 'YR
TlRMTVNTUAADAAAAGAAYAJQAAAAYABgArAAAAAoACgBYAAAAGgAaAGIAAAAYABgAfAAAAAAAAADEAAAABYKIogYBsR0AAAAPHKcl6C2DGcPhZg1gFNMQqUMAQQBMAEUATQBDAGEAcgBsAGEAQwBhAHIAdgBhAGwAaABvAFcARABMAEgAUAA2ADMAMABOAEwAMAAyAJ3X1msrdlsCAAAAAAAAAAAAAAAAAAAAAL0k3O/g5/bRhTcU9HDH3PpqgbCc4abP4w=='
from squid (length: 267).
got NTLMSSP packet:
got NTLMSSP command 3, expected 1
NTLMSSP NT_STATUS_INVALID_PARAMETER
2012/07/13 11:23:11.256| ConnStateData::swanSong: FD 33

This is when I send the "basic auth"
Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from
squid (length: 59).
got NTLMSSP packet:
Got NTLMSSP neg_flags=0xa2088207
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_NEGOTIATE_OEM
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_56
NTLMSSP challenge
2012/07/13 11:23:33.226| ConnStateData::swanSong: FD 13
Got 'YR
TlRMTVNTUAADAAAAGAAYAJQAAAAYABgArAAAAAoACgBYAAAAGgAaAGIAAAAYABgAfAAAAAAAAADEAAAABYKIogYBsR0AAAAP0dxfDL0xcw63QgT5XihRs0MAQQBMAEUATQBDAGEAcgBsAGEAQwBhAHIAdgBhAGwAaABvAFcARABMAEgAUAA2ADMAMABOAEwAMAAyAHncwjOdiQMNAAAAAAAAAAAAAAAAAAAAAGh+wPIBTsJQcYCTWvqvSQWmEPgrgyxOnw=='
from squid (length: 267).
got NTLMSSP packet:
got NTLMSSP command 3, expected 1
NTLMSSP NT_STATUS_INVALID_PARAMETER
2012/07/13 11:23:39.436| ConnStateData::swanSong: FD 13
2012/07/13 11:23:40.451| ConnStateData::swanSong: FD 13

More info about my setup:

squid -v
Squid Cache: Version 3.1.19
configure options: '--sysconfdir=/usr/pkg/etc/squid'
'--localstatedir=/var/squid' '--datarootdir=/usr/pkg/share/squid'
'--enable-auth=basic,digest,ntlm' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-icmp'
'--enable-removal-policies=lru,heap' '--enable-poll'
'--enable-storeio=ufs diskd' '--with-aio'
'--disable-strict-error-checking' '--enable-icap-client'
'--with-default-user=squid' '--with-pidfile=/var/run/squid.pid'
'--enable-ipf-transparent' '--enable-carp' '--enable-snmp'
'--enable-ssl' '--with-openssl=/usr'
'--enable-basic-auth-helpers=getpwnam MSNT NCSA YP PAM'
'--enable-digest-auth-helpers=password'
'--enable-ntlm-auth-helpers=fakeauth'
'--enable-external-acl-helpers=ip_user unix_group' '--prefix=/usr/pkg'
'--build=x86_64--netbsd' '--host=x86_64--netbsd' '--mandir=/usr/pkg/man'
'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' 'CC=gcc'
'CFLAGS=-O2 -I/usr/include' 'LDFLAGS=-L/usr/lib -Wl,-R/usr/lib
-Wl,-R/usr/pkg/lib' 'LIBS=' 'CPPFLAGS=-I/usr/include' 'CXX=c++'
'CXXFLAGS=-O2 -I/usr/include'
--with-squid=/scratch/www/squid31/work/squid-3.1.19
--enable-ltdl-convenience

Samba Version 3.6.5

OS: netbsd-6, samba and squid installed from pkgsrc

At this moment I'm not sure if I missed something installing squid/samba or if its indeed a problem with this particular windows client.

Thanks

Note: I do not have kerbuerus auth set up, because this is no easy task
on netbsd, I still need to research on this.
Received on Sun Jul 15 2012 - 09:13:26 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 15 2012 - 12:00:02 MDT