Search squid archive

Fwd: squid 3.2.8 ntlm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've been running squid 3.2.8 for a while now using
negotiate_wrapper_auth with kerberos and NTLM however i discovered
today that NTLM auth does not work

wbinfo -t

checking the trust secret for domain MYDOMAIN via RPC calls succeeded

# /usr/bin/ntlm_auth --username=myuser --password=pass

NT_STATUS_OK: Success (0x0)

Kerberos and Basic works 100% it's only NTLM that does not seem to work..

OS:Centos 6.4 (updated)
Squid:3.2.8
Samba:rpm -qf /usr/bin/ntlm_auth
samba-winbind-clients-3.6.9-151.el6.x86_64

Auth Helper config

### negotiate kerberos and ntlm authentication
auth_param negotiate program /usr/lib64/squid/negotiate_wrapper_auth
-D --ntlm /usr/bin/ntlm_auth  --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN --kerberos
/usr/lib64/squid/negotiate_kerberos_auth -r -s GSS_C_NO_NAME
auth_param negotiate children 50
auth_param negotiate keep_alive off


### pure ntlm authentication
auth_param ntlm program /usr/bin/ntlm_auth --debug-level=10
--diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
auth_param ntlm children 50
auth_param ntlm keep_alive off


### provide basic authentication via ldap for clients not
authenticated via kerberos/ntlm
auth_param basic program /usr/lib64/squid/basic_ldap_auth -d -R -b
"dc=domian,dc=local" -D proxy@domain.local -W /etc/squid/ldappass.txt
-f sAMAccountName=%s -h server.domain.local
auth_param basic children 50
auth_param basic realm Internet Proxy
auth_param basic credentialsttl 1 minute


Log:

2013/05/30 01:58:22| negotiate_wrapper: Got 'KK
TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACgAKAEgAAAAQABAAUgAAAAAAAACSAAAABYKIogUBKAoAAAAPYQBkAG0AaQBuAFUAUwBFAFIALQBQAEMAMQCyjgMoFTqyXQAAAAAAAAAAAAAAAAAAAABioAHqJBhnJnwFLhF18yrGqgT5zLhxN9o='
from squid (length: 199).
2013/05/30 01:58:22| negotiate_wrapper: Decode
'TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACgAKAEgAAAAQABAAUgAAAAAAAACSAAAABYKIogUBKAoAAAAPYQBkAG0AaQBuAFUAUwBFAFIALQBQAEMAMQCyjgMoFTqyXQAAAAAAAAAAAAAAAAAAAABioAHqJBhnJnwFLhF18yrGqgT5zLhxN9o='
(decoded length: 146).
2013/05/30 01:58:22| negotiate_wrapper: received type 216 NTLM token
2013/05/30 01:58:22| negotiate_wrapper: Return 'NA = NT_STATUS_UNSUCCESSFUL
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux