On 11/08/11 20:55, Christian Gregoire wrote:
Check cache.log for any mentions of problems. Perhapse enable debugging
with -d on the helper to see if there is an issue with the validation.
Thanks for the tip. Indeed, I've run squid with the -X flag and got a pretty
clear error for that request, while everything's fine for the others :
[...]
2011/08/10 18:22:54.040| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'AF expinet.colissimo'
2011/08/10 18:22:54.040| authenticateNTLMHandleReply: Successfully validated
user via NTLM. Username 'expinet.colissimo'
2011/08/10 18:22:54.845| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'TT
TlRMTVNTUAACAAAADAAMADAAAAAFgomiVcvIuzNYgBwAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
2011/08/10 18:22:54.845| authenticateNTLMHandleReply: Need to challenge the
client with a server blob
'TlRMTVNTUAACAAAADAAMADAAAAAFgomiVcvIuzNYgBwAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
2011/08/10 18:22:54.854| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'AF expinet.colissimo'
2011/08/10 18:22:54.855| authenticateNTLMHandleReply: Successfully validated
user via NTLM. Username 'expinet.colissimo'
2011/08/10 18:22:57.166| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'TT
TlRMTVNTUAACAAAADAAMADAAAAAFgomiBYi9jX1PfFAAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
2011/08/10 18:22:57.166| authenticateNTLMHandleReply: Need to challenge the
client with a server blob
'TlRMTVNTUAACAAAADAAMADAAAAAFgomiBYi9jX1PfFAAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
2011/08/10 18:22:57.176| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'AF expinet.colissimo'
2011/08/10 18:22:57.176| authenticateNTLMHandleReply: Successfully validated
user via NTLM. Username 'expinet.colissimo'
2011/08/10 18:22:58.629| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'TT
TlRMTVNTUAACAAAADAAMADAAAAAFgomi/vpkDjFtgzcAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
2011/08/10 18:22:58.629| authenticateNTLMHandleReply: Need to challenge the
client with a server blob
'TlRMTVNTUAACAAAADAAMADAAAAAFgomi/vpkDjFtgzcAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
2011/08/10 18:22:58.639| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
us 'NA NT_STATUS_NO_SUCH_USER'
2011/08/10 18:22:58.639| authenticateNTLMHandleReply: Failed validating user via
NTLM. Error returned 'NT_STATUS_NO_SUCH_USER'
The challenge might be wrongly generated by the client, though it'd be weird
given the previous ones are correct. Or, if it's still related to the POST data
length being zero, just to clear things up, do you know if it's (the POST data)
used by the challenge generation algorithm?
POST data should be irrelevant. The helper is only working with an
failing to validate the Proxy-Authenticate header contents.
The trace you have above is Squids view of things. You need to send -d
to the helper itself (if available) to get the helpers view of whats
going on inside there.
What application is this? there are two bugs in those headers that need
reporting. Not related to your NTLM problems though.
It's a Windows software, I don't know which client HTTP library is used.
Darn. Oh well.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.10