The problem is the autentificación NTLM of Windows7. It is necessary to create the following key in the registry to solve it (I'm using Squid Version 3.0.STABLE8 in Debian Lenny): 1. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa If it doesn’t exist, create a DWORD value named LmCompatibilityLevel and set the value to 1 to use LM NTLM and NTLMv2 if is negociated, this is Also it works establishing the value to 0, and 3 though for more safety the value using 3 though with old operating systems it will not work on having used obligatorily NTLMv2. 2. Reboot To follow the link for more information: http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch(en-us).aspx Tim.Towers wrote: > > We use NTLM authentication, but the new windows 7 beta (yes, its beta > but its nice to know of potential issues before they get widely > released) seems to be having trouble authenticating. > > A standard authentication from XP provides the following in > /var/log/squid/cache.log: > > Got user=[912058] domain=[UK] workstation=[LONW037057] len1=24 len2=24 > > An authentication from Windows 7 beta is shown below: > > Got user=[009340] domain=[UK] workstation=[LONW032292] len1=24 > len2=332 > Login for user [UK]\[009340]@[LONW032292] failed due to [Invalid > parameter] > > I see the different "len2" information at the end, so I assume MS has > extended something. > > The packages we are running are squid-2.6.STABLE20-1.el5 and > samba-common-3.0.28-1.el5_2.1. > > I am curious whether a package upgrade will fix the problem, if this > windows 7 thingy has introduced an incompatibility that we expect MS to > fix with their next release or if this is a valid request that uses a > hitherto unused part of the protocol and therefore we should allow for > it. > > Tim Towers > Senior Security Analyst > Global Network Services > CLIFFORD CHANCE LLP > 10 Upper Bank Street > London E14 5JJ > *:Direct Dial +44 (0)20 7006 5645 > *:Mobile +44 (0)794 9244498 > *:Switchboard +44 (0)20 7006 1000 > *:Email tim.towers@xxxxxxxxxxxxxxxxxx > This message and any attachment are confidential and may be privileged or > otherwise protected from disclosure. > If you are not the intended recipient, please telephone or email the > sender and delete this message and any > attachment from your system. If you are not the intended recipient you > must not copy this message or attachment > or disclose the contents to any other person. > > Clifford Chance LLP is a limited liability partnership registered in > England & Wales under number OC323571. > The firm's registered office and principal place of business is at 10 > Upper Bank Street, London, E14 5JJ. > For further details, including a list of members and their professional > qualifications, see our website > at www.cliffordchance.com. The firm uses the word 'partner' to refer to a > member of Clifford Chance LLP or > an employee or consultant with equivalent standing and qualifications. The > firm is regulated by the Solicitors Regulation Authority. The Authority's > rules can be accessed by clicking on the following link: > http://www.sra.org.uk/code-of-conduct.page > > Clifford Chance as a global firm regularly shares client and/or > matter-related data among its different > offices and support entities in strict compliance with internal control > policies and statutory requirements. > Incoming and outgoing email communications may be monitored by Clifford > Chance, as permitted by applicable law and regulations. > > For further information about Clifford Chance please see our website at > http://www.cliffordchance.com or refer > to any Clifford Chance office. > > > > -- View this message in context: http://www.nabble.com/Windows-7-beta-and-NTLM-tp21377271p23424106.html Sent from the Squid - Users mailing list archive at Nabble.com.
