The problem is the autentificación NTLM of Windows7. It is necessary to
create the following key in the registry to solve it (I'm using Squid
Version 3.0.STABLE8 in Debian Lenny):
1. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
If it doesn’t exist, create a DWORD value named LmCompatibilityLevel and set
the value to 1 to use LM NTLM and NTLMv2 if is negociated, this is
Also it works establishing the value to 0, and 3 though for more safety the
value using 3 though with old operating systems it will not work on having
used obligatorily NTLMv2.
2. Reboot
To follow the link for more information:
http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch(en-us).aspx
Tim.Towers wrote:
>
> We use NTLM authentication, but the new windows 7 beta (yes, its beta
> but its nice to know of potential issues before they get widely
> released) seems to be having trouble authenticating.
>
> A standard authentication from XP provides the following in
> /var/log/squid/cache.log:
>
> Got user=[912058] domain=[UK] workstation=[LONW037057] len1=24 len2=24
>
> An authentication from Windows 7 beta is shown below:
>
> Got user=[009340] domain=[UK] workstation=[LONW032292] len1=24
> len2=332
> Login for user [uk]\[0093...@[lonw032292] failed due to [Invalid
> parameter]
>
> I see the different "len2" information at the end, so I assume MS has
> extended something.
>
> The packages we are running are squid-2.6.STABLE20-1.el5 and
> samba-common-3.0.28-1.el5_2.1.
>
> I am curious whether a package upgrade will fix the problem, if this
> windows 7 thingy has introduced an incompatibility that we expect MS to
> fix with their next release or if this is a valid request that uses a
> hitherto unused part of the protocol and therefore we should allow for
> it.
>
> Tim Towers
> Senior Security Analyst
> Global Network Services
> CLIFFORD CHANCE LLP
> 10 Upper Bank Street
> London E14 5JJ
> *:Direct Dial +44 (0)20 7006 5645
> *:Mobile +44 (0)794 9244498
> *:Switchboard +44 (0)20 7006 1000
> *:Email tim.tow...@cliffordchance.com
> This message and any attachment are confidential and may be privileged or
> otherwise protected from disclosure.
> If you are not the intended recipient, please telephone or email the
> sender and delete this message and any
> attachment from your system. If you are not the intended recipient you
> must not copy this message or attachment
> or disclose the contents to any other person.
>
> Clifford Chance LLP is a limited liability partnership registered in
> England & Wales under number OC323571.
> The firm's registered office and principal place of business is at 10
> Upper Bank Street, London, E14 5JJ.
> For further details, including a list of members and their professional
> qualifications, see our website
> at www.cliffordchance.com. The firm uses the word 'partner' to refer to a
> member of Clifford Chance LLP or
> an employee or consultant with equivalent standing and qualifications. The
> firm is regulated by the Solicitors Regulation Authority. The Authority's
> rules can be accessed by clicking on the following link:
> http://www.sra.org.uk/code-of-conduct.page
>
> Clifford Chance as a global firm regularly shares client and/or
> matter-related data among its different
> offices and support entities in strict compliance with internal control
> policies and statutory requirements.
> Incoming and outgoing email communications may be monitored by Clifford
> Chance, as permitted by applicable law and regulations.
>
> For further information about Clifford Chance please see our website at
> http://www.cliffordchance.com or refer
> to any Clifford Chance office.
>
>
>
>
--
View this message in context:
http://www.nabble.com/Windows-7-beta-and-NTLM-tp21377271p23424106.html
Sent from the Squid - Users mailing list archive at Nabble.com.
