Hello,
I have a question regarding a section of the ntlm_auth.c file.
The problem I have happens using the ntlm_auth utility with the
squid-2.5-ntlmssp helper. After reading and searching I thought this was
the best place to get an informed response. If not, please forgive me and
discard this message.
Background:
- Apache 2 server running on Fedora 4, samba version 3.0.14a-2
- Computer is a member of the domain (security = ADS)
- The authentication seems to work fine, I can access shares, wbinfo -u/-g
returns a valid output, etc.
The authentication is enabled in Apache using: NTLMAuthHelper
"/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp".
What happens is the page fails to load in IE with a 401 error.
In the log, this is what I have:
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(1018): [client
192.168.20.92] doing ntlm auth dance
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(482): [client
192.168.20.92] Launched ntlm_helper, pid 25990
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(652): [client
192.168.20.92] creating auth user
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(703): [client
192.168.20.92] parsing reply from helper to YR TlRMT (reply shortened)
URPUkU=\n
[2007/08/28 11:40:51, 10] utils/ntlm_auth.c:manage_squid_request(1610)
Got 'YR (request shortened) PUkU=' from squid (length: 83).
[2007/08/28 11:40:51, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(588)
got NTLMSSP packet:
[2007/08/28 11:40:51, 10] lib/util.c:dump_data(2017)
(dump removed)
[2007/08/28 11:40:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa208b207
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
[Tue Aug 28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(741): [client
192.168.20.92] got response: TT TlRMTV (response shortened) QBuAAAAAAA=
[Tue Aug 28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(411): [client
192.168.20.92] sending back TlRM (response shortened) AAAAA=
[2007/08/28 11:40:51, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(598)
NTLMSSP challenge
I have started looking at the code and the last line of the log suggests
that the ntlmssp_update() call inside manage_squid_ntlmssp_request() of
utils/ntlm_auth.c is returning nt_status =
NT_STATUS_MORE_PROCESSING_REQUIRED. From there, the authentication seems
to stop.
Is it normal for the process to stop when this status is returned?
Shouldn't there be additional processing?
Is there a way to alter the helper so that it uses a "simpler" version of
the ntlm authentication? (I have tried the basic helper with no luck).
Any help will be greatly appreciated. Thanks in advance.
--- Laurent
Received on Wed Aug 29 2007 - 17:01:25 MDT
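
Added example (not part of the original message and not Samba's code): a Python decoder for the base64 NTLMSSP blobs carried on the helper's `YR` and `TT` lines, which extracts the negotiate flags and maps them to the names printed in the log above. The function names are hypothetical, and the sample `YR` line is constructed around the logged value 0xa208b207 because the blob in the message was shortened.

```python
import base64
import struct

# The nine flag names Samba printed for neg_flags=0xa208b207 in the log above.
FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00001000: "NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED",
    0x00002000: "NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
}
# Byte offset of the flags field: type 1 (negotiate) and type 2 (challenge).
FLAG_OFFSET = {1: 12, 2: 20}

def decode_flags(value):
    """Return (names of set bits found in FLAGS, set bits that have no entry)."""
    names = [FLAGS[bit] for bit in sorted(FLAGS) if value & bit]
    unnamed = [1 << i for i in range(32) if value >> i & 1 and (1 << i) not in FLAGS]
    return names, unnamed

def parse_helper_line(line):
    """Parse a 'YR <base64>' or 'TT <base64>' line into (cmd, msg_type, flags)."""
    cmd, _, blob = line.strip().partition(" ")
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("blob is not valid base64 (truncated log line?)") from exc
    if raw[:8] != b"NTLMSSP\0" or len(raw) < 12:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    offset = FLAG_OFFSET.get(msg_type)
    if offset is None or len(raw) < offset + 4:
        raise ValueError(f"unsupported or short message, type {msg_type}")
    (flags,) = struct.unpack_from("<I", raw, offset)
    return cmd, msg_type, flags

# Constructed sample: a minimal type 1 message carrying the logged flag value.
_raw = b"NTLMSSP\0" + struct.pack("<II", 1, 0xA208B207) + bytes(16)
SAMPLE_YR = "YR " + base64.b64encode(_raw).decode()

if __name__ == "__main__":
    cmd, msg_type, flags = parse_helper_line(SAMPLE_YR)
    names, unnamed = decode_flags(flags)
    print(cmd, msg_type, hex(flags), *names, sep="\n")
    # Bits set in the value but absent from the logged list; MS-NLMP names them
    # NTLMSSP_NEGOTIATE_VERSION (0x02000000) and NTLMSSP_NEGOTIATE_56 (0x80000000).
    print("not in logged list:", [hex(b) for b in unnamed])
```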