On 23/04/2013 8:12 p.m., nicola gentile wrote:
Good morning, I would ask you an information and help. Actually I use squid 3.1.21 on debian 6.0.7 with ntlm and kerberos authentication and all works fine. Now I must recompile squid and I would test 3.3.3 version.
FYI squid-3.3 packages just hit Debian unstable repositories yesterday.
The options that I have used for the compile are: ./configure --prefix=/usr/local/squid \ --with-default-user=proxy \ --enable-async-io \ --enable-storeio="ufs,aufs,diskd" \ --enable-auth \ --disable-auth-basic \ --enable-auth-ntml=smb_lm \ --enable-auth-negotiate=kerberos,wrapper \ --disable-auth-digest \ --with-large-files \ --with-filedescriptors=65535 \ --enable-ltdl-convenience \ --enable-ssl \ --disable-ipv6 The daemon seems to work but when I try to authenticate through ntlm not work while kerberos work correctly
Probably because what you are using is the old SMB LanManager helper which only supports NTLMv1 and older LM protocols. Try the Samba ntlm_auth helper instead which is bundled on Debian in the winbind or winbind4 package.
This KK siganture:
ntlm_smb_lm_auth.cc(488): pid=11663 :ntlm authenticator. Got 'KK TlRMTVNTUAADAAAAGAAYAGwAAAAYABgAhAAAAAYABgBYAAAABwAHAF4AAAAHAAcAZQAAAAAAAACcAAAABoIAAgYBsR0AAAAPIp8Zk9ICN8Hw1rL0qdbrHlBPTElUT0QwMDMwMzJQQ0xEMDUwIRuK8hsvU3s5klqASx0ijB7dbIt+CIw+IRuK8hsvU3s5klqASx0ijB7dbIt+CIw+' from Squid ntlmssp: bad ascii: 001b No auth at all. Returning no-auth ntlm_smb_lm_auth.cc(531): pid=11663 :sending 'NA Logon Failure' to squid
... contains flags indicating a security signature in use. So it looks like NTLMv2 with security extensions to me.
If I'm right and it is NTLMv2 in use you require the Samba helper. Amos
