My goal was only to know which computer and/or user is failing to use each method of authentication. The network is too big, and among those thousands of messages I need to know first from where those failures are coming. Probably the user is being prompted with the auth window, but as he thinks it is normal, he doesn't claim our support to fix it. I wanna know so I can send support to fix or replace the computer.

On Thu, Oct 31, 2013 at 2:14 PM, Carlos Defoe <carlosdefoe@xxxxxxxxx> wrote:
> Hi Amos,
>
> Seems that it doesn't work for kerberos tokens:
>
> NTLM Signature:`� � +
> NTLM Message Type:2551
> BITMAP111111111111000000000000000000000000000000
> Unknown @12:0x 160
> ...
>
> For a NTLM token it shows the flags.
>
> On Thu, Oct 31, 2013 at 2:41 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>> On 31/10/2013 6:02 a.m., Carlos Defoe wrote:
>>>
>>> Hi,
>>>
>>> Is it possible to decode those "negotiate_kerberos_auth" debug
>>> messages? I tried "base64 -d", but it shows a lot of garbage and
>>> almost nothing readable.
>>
>>
>> It is a binary NTLMSSPI packet. I have put a simple decoder together for
>> debugging purposes:
>> http://treenet.co.nz/projects/squid/ntlm_token.php
>>
>> Amos
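
An added example, not part of the thread and not the decoder linked above: a Python sketch that base64-decodes a token and reads its first bytes to tell an NTLMSSP message from a GSS-API token (SPNEGO or Kerberos 5). A Kerberos token is GSS-API framed and has no NTLMSSP signature, which is why a decoder that assumes NTLM prints garbage for it. The function names and the `SAMPLES` tokens are constructed for illustration.

```python
import base64
import struct

# DER-encoded OID bodies of the mechanisms a Negotiate token can announce
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO (1.3.6.1.5.5.2)",
    bytes.fromhex("2a864886f712010202"): "Kerberos 5 (1.2.840.113554.1.2.2)",
}
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

# Constructed sample tokens: headers only, no real credentials or tickets
SAMPLES = {
    "ntlm": base64.b64encode(b"NTLMSSP\x00" + struct.pack("<II", 1, 0)).decode(),
    "spnego": base64.b64encode(bytes.fromhex("600a06062b0601050502a000")).decode(),
    "krb5": base64.b64encode(bytes.fromhex("600d06092a864886f7120102020100")).decode(),
}


def der_length(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify_token(b64_token):
    """Name the protocol carried by a base64 token from a helper debug line."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "not base64"
    if raw.startswith(b"NTLMSSP\x00") and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return "NTLMSSP " + NTLM_TYPES.get(msg_type, "unknown type %d" % msg_type)
    if len(raw) > 4 and raw[0] == 0x60:  # GSS-API InitialContextToken tag
        try:
            _, pos = der_length(raw, 1)
            if raw[pos] != 0x06:  # mechanism OID must come first
                return "GSS-API token without mechanism OID"
            oid_len, pos = der_length(raw, pos + 1)
        except (ValueError, IndexError):
            return "truncated GSS-API token"
        oid = raw[pos:pos + oid_len]
        return "GSS-API " + MECH_OIDS.get(oid, "unknown mechanism " + oid.hex())
    return "unrecognised token"
```

Running `classify_token` over the tokens extracted from the helper's debug lines and counting the results per client address gives the per-method breakdown asked about at the top of the thread.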