Juan Miguel Corral
2008-Oct-03 13:40 UTC
[Samba] squid ntlm_auth not working on versions above 3.0.26
Hello. I am using squid with ntlm authentication against a samba PDC. It has worked for me perfectly in debian etch with samba version 3.0.24, and ubuntu Gutsy with samba 3.0.26a. But when I have upgraded those servers to hardy (samba 3.0.28a) and lenny (3.2.3), thn sqwuid auth has stopped working, without any other config change. Squid version I am using is 2.6-STABLE17, and . I am using the ntlm_auth helper that comes with squid. I think maybe the one that comes with samba would work better, but the problem is that it requires winbind, and since I am running sqquid in the same box as the PDC, I don't know if winbind would work. This is the relevant section of my squid.conf file: # ntlm authentication auth_param ntlm program /usr/lib/squid/ntlm_auth -d cfs/sanmiguel auth_param ntlm children 5 This the error log from cache.log: ntlm_auth[6525](ntlm_auth.c:284): managing request ntlm_auth[6525](ntlm_auth.c:290): ntlm authenticator. Got 'YR TlRMTVNTUAABAAAAB7IIogMAAwAzAAAACwALACgAAAAFASgKAAAAD1NBTkpVQU4tV0lOQ0ZT' from Squid ntlm_auth[6525](ntlm_auth.c:239): obtain_challenge: selecting CFS\SANMIGUEL (attempt #1) ntlm_auth[6525](ntlm_auth.c:251): attempting challenge retrieval ntlm_auth[6525](libntlmssp.c:119): Connecting to server SANMIGUEL domain CFS ntlm_auth[6525](ntlm_auth.c:253): make_challenge retuned 0x8053640 ntlm_auth[6525](ntlm_auth.c:255): Got it ntlm_auth[6525](ntlm_auth.c:437): sending 'TT TlRMTVNTUAACAAAAAwADACgAAACCgkEANvB2+cNQb/IAAAAAAAAAAENGUw==' to squid ntlm_auth[6525](ntlm_auth.c:284): managing request ntlm_auth[6525](ntlm_auth.c:290): ntlm authenticator. Got 'KK TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAMAAwBIAAAACAAIAEsAAAALAAsAUwAAAAAAAACOAAAABoIAAgUBKAoAAAAPQ0ZTSk1DT1JSQUxTQU5KVUFOLVdJTokKMOkDJf4n5BNKsTrIbb66D8u2KMoPtfikZvEncvDGXbVDxik4H698mycLU0Jtzj==' from Squid ntlm_auth[6525](libntlmssp.c:268): Empty LM pass detection: user: 'JMCORRAL', ours:'?r ??"M'G?? ?p???=?S$??+u???w??hh?]?S1???Request completed sucessfully.', his: '? 0?%?'?J?:?m???(???f?'r??]?C?)8?|?' ???????????????????????????????????? SBm?0'(length: 24) ntlm_auth[6525](libntlmssp.c:280): Empty NT pass detection: user: 'JMCORRAL', ours:'??+u???w??hh?]?S1???Request completed sucessfully.', his: '??f?'r??]?C?)8?|?' ? SBm?0'(length: 24) ntlm_auth[6525](libntlmssp.c:294): checking domain: 'CFS', user: 'JMCORRAL', pass='? 0?%?'?J?:?m???(?' ntlm_auth[6525](libntlmssp.c:297): Login attempt had result -1 ntlm_auth[6525](ntlm_auth.c:350): No creds. SMBlib error 1, SMB error class 1, SMB error code 5, NB error 0 ntlm_auth[6525](ntlm_auth.c:371): DOS error ntlm_auth[6525](ntlm_auth.c:376): sending 'NA Access denied' to squid Any help would be much appreciated. Thank you very much. Juan.