On Thu, 2011-04-28 at 16:30 +0500, Firuz Azimov wrote: > [2011/03/05 16:20:41, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:00, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:00, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:00, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:01, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:05, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:05, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:06, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > [2011/03/05 16:21:07, 1] libsmb/ntlmssp.c:335(ntlmssp_update) > got NTLMSSP command 1, expected 3 > > This log from cache.log. Our authentication is ntlm-based.OS: Linux Gentoo, > Samba 3.5.6 > > Users getting popup auth windows randomly while surfing in the Internet. > Thanks a lot
I presume you are using squid? You should probably take this up with them - they need to ensure they are not sending NTLMSSP packets out of order. Are you sure that your windows clients are sending the 3-way NTLMSSP handshake correctly? This may come from a Windows client dropping it's HTTP connection part-way though the handshake. HTTP keep-alives play into this as well (that's how the 3-way handshake is maintained over 'stateless' HTTP). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
