[squid-users] Problem setting up squid with ntlm authentication

[J�r�me RICHARD]

Hello,

I'm trying to setup a Squid Cache 2.5-STABLE4  with NTLM authentication  
from an NT 4.0 Domain.

I use the wb_ntlmauth helper with the winbindd daemon that seems to be  
correctly configured (wbinfo -r & wbinfo -g runs correctly).

When I try to authenticate from my Browser (IE 5.50.4807.2300 SP2) the  
authentication is refused and a popup appear asking me login,  
password&domain. If I try to enter them the popup appear again and  
again....

I've verified my login&password with wbinfo : It's correct. So I think  
there's something wrong in my squid configuration....

I have also tried with the ntlm_auth utility provide with samba 3.0 but  
it's not better.

Can anyone help me please ?

The squid authentication is configured as follow :

auth_param ntlm program /usr/lib/squid/wb_ntlmauth -d
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
...
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl domainusers proxy_auth REQUIRED
http_access allow domainusers
http_access deny all
2003/10/03 17:55:10| Squid Cache (Version 2.5.STABLE4): Exiting  
normally.
2003/10/03 17:55:50| Starting Squid Cache version 2.5.STABLE4 for  
i686-pc-linux-gnu...
2003/10/03 17:55:50| Process ID 3986
2003/10/03 17:55:50| With 1024 file descriptors available
2003/10/03 17:55:50| DNS Socket created at 0.0.0.0, port 32834, FD 4
2003/10/03 17:55:50| Adding nameserver 195.68.0.1 from /etc/resolv.conf
2003/10/03 17:55:50| Adding nameserver 195.68.0.2 from /etc/resolv.conf
2003/10/03 17:55:50| helperStatefulOpenServers: Starting 5  
'wb_ntlmauth' processes
(wb_ntlmauth)[3987](wb_ntlm_auth.c:438): ntlm winbindd auth helper  
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3987](wb_ntlm_auth.c:355): target domain is  
ABC-SYSTEMES-NT
(wb_ntlmauth)[3988](wb_ntlm_auth.c:438): ntlm winbindd auth helper  
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3988](wb_ntlm_auth.c:355): target domain is  
ABC-SYSTEMES-NT
(wb_ntlmauth)[3989](wb_ntlm_auth.c:438): ntlm winbindd auth helper  
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3990](wb_ntlm_auth.c:438): ntlm winbindd auth helper  
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3991](wb_ntlm_auth.c:438): ntlm winbindd auth helper  
build Oct 16 2002, 22:39:22 starting up...
(wb_ntlmauth)[3989](wb_ntlm_auth.c:355): target domain is  
ABC-SYSTEMES-NT
(wb_ntlmauth)[3990](wb_ntlm_auth.c:355): target domain is  
ABC-SYSTEMES-NT
(wb_ntlmauth)[3991](wb_ntlm_auth.c:355): target domain is  
ABC-SYSTEMES-NT
2003/10/03 17:55:50| Unlinkd pipe opened on FD 14
2003/10/03 17:55:50| Swap maxSize 102400 KB, estimated 7876 objects
2003/10/03 17:55:50| Target number of buckets: 393
2003/10/03 17:55:50| Using 8192 Store buckets
2003/10/03 17:55:50| Max Mem  size: 8192 KB
2003/10/03 17:55:50| Max Swap size: 102400 KB
2003/10/03 17:55:50| Rebuilding storage in /var/spool/squid-front  
(CLEAN)
2003/10/03 17:55:50| Using Least Load store dir selection
2003/10/03 17:55:50| Set Current Directory to /var/spool/squid-front
2003/10/03 17:55:50| Loaded Icons.
2003/10/03 17:55:50| Accepting HTTP connections at 0.0.0.0, port 3128,  
FD 16.
2003/10/03 17:55:50| Accepting ICP messages at 0.0.0.0, port 3130, FD  
17.
2003/10/03 17:55:50| WCCP Disabled.
2003/10/03 17:55:50| Ready to serve requests.
2003/10/03 17:55:50| Done reading /var/spool/squid-front swaplog (39  
entries)
2003/10/03 17:55:50| Finished rebuilding storage from disk.
2003/10/03 17:55:50|        39 Entries scanned
2003/10/03 17:55:50|         0 Invalid entries.
2003/10/03 17:55:50|         0 With invalid flags.
2003/10/03 17:55:50|        39 Objects loaded.
2003/10/03 17:55:50|         0 Objects expired.
2003/10/03 17:55:50|         0 Objects cancelled.
2003/10/03 17:55:50|         0 Duplicate URLs purged.
2003/10/03 17:55:50|         0 Swapfile clashes avoided.
2003/10/03 17:55:50|   Took 0.0 seconds (  39.0 objects/sec).
2003/10/03 17:55:50| Beginning Validation Procedure
2003/10/03 17:55:50|   Completed Validation Procedure
2003/10/03 17:55:50|   Validated 39 Entries
2003/10/03 17:55:50|   store_swap_size = 176k
2003/10/03 17:55:51| storeLateRelease: released 0 objects
2003/10/03 18:00:49| authenticateDecodeAuth: Unsupported or  
unconfigured proxy-auth scheme, 'Basic  
YWJjLXN5c3RlbWVzLW50XGplcm9tZTphYmM
='
(wb_ntlmauth)[3987](wb_ntlm_auth.c:292): Got 'YR' from squid.
(wb_ntlmauth)[3987](wb_ntlm_auth.c:72): sending 'TT  
TlRMTVNTUAACAAAADwAPACgAAACCgkEAj3zZijBmfZQAAAAAAAAAAEFCQy1TWVNURU1FUy1O 
VA==' to s
quid
(wb_ntlmauth)[3987](wb_ntlm_auth.c:292): Got 'KK  
TlRMTVNTUAADAAAAGAAYAF0AAAAYABgAdQAAAA8ADwBAAAAABgAGAE8AAAAIAAgAVQAAAAAA 
AACNAAAAAoIBA
EFCQy1TWVNURU1FUy1OVEpFUk9NRVNFUlZfTUYx/ 
PQ9ewMGFabLgyPNpiv1NWakSpftY0fKaJesYPICaX5Wu+5HTEb5Mn+n3Ihs9b7c' from  
squid.
(wb_ntlmauth)[3987](wb_ntlm_auth.c:239): Checking user  
'ABC-SYSTEMES-NT\JEROME' lmhash len =24, have_nthash=0, nthash len=24
(wb_ntlmauth)[3987](wb_ntlm_auth.c:246): winbindd result: 0
(wb_ntlmauth)[3987](wb_ntlm_auth.c:60): sending 'NA  
ABC-SYSTEMES-NT\JEROME auth failure because: Authentication Failure ()'  
to squid







- - - - ---
J�r�me RICHARD - Virtual Net
mailto:[EMAIL PROTECTED]
t�l.  : 02.23.21.06.30 (Rennes)
t�l.  : 02.51.81.93.57 (Nantes)
t�l.  : 06.03.67.12.79 (Mobile)