Re: ntlmssp: bad ascii: ffffffab (Lan Manager auth broken?)

Victor Sudakov <sudakov@xxxxxxxxxxxxxxxx> · Tue, 7 Oct 2014 13:40:38 +0700

Amos Jeffries wrote:
> > 
> >>> Apparently so, but as I said, the very same client software
> >>> does work with the old "ntlm_auth" helper and does not work
> >>> with the new ntlm_smb_lm_auth one.
> >>> 
> >>> That's why I am saying that the problem is on the
> >>> authenticator side and not on the client side.
> >> 
> >> The client is sending corrupt packets. Old authenticator did not
> >> check for the corruption. New one does.
> > 
> > Which renders the new authenticator useless, at least for me.
> > 
> >> 
> >> Client is still sending corrupt packets, which is why both the 
> >> developers have said the problem is in the client.
> > 
> > The developers could have at least provided the option of 
> > compatibility with the old bugs :) There is the old good
> > programming creed "be conservative about what you send and liberal
> > about what you receive".
> > 
> 
> The packet *is* accepted. Its the security privileges which are denied.
> 
> If you want to accept anything the client sends regardless of the
> credentials accuracy there is ntlm_fake_auth.

No, ntlm_fake_auth does not work either. It keeps giving 

"HTTP/1.1 407 Proxy Authentication Required" 
Proxy-Authenticate: NTLM

and the browser keeps asking for user credentials. 
Authentication is never successful/complete with this plugin.

I'm attaching the debug log.

> Using ntlm_fake_auth to retrieve the Windows user account name you can
> use an external_acl_type helper to take that name and other
> fixed-point details about the client machine (IP, port, ident? etc)
> and assign access privileges for them more securely than SMB LM.

It would be a good idea if only ntlm_fake_auth worked.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@xxxxxxxxxxxxxxxx
ntlm_fake_auth.cc(176): pid=44500 :(ntlm_fake_auth) build Sep 21 2014, 12:04:04 starting up...
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   05 01 28 0A 00 00 00 0F   00 00                     ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   02 00 00 00 09 00 09 00   NTLMSSP. ........
[0010]   28 00 00 00 07 82 08 A2   4E 9D 7A A4 CD 3E F1 0D   ........ N.z.....
[0020]   00 00 00 00 00 00 3A 00   57 4F 52 4B 47 52 4F 55   ........ WORKGROU
[0030]   50                                                  P
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   06 01 B1 1D 00 00 00 0F   00 00                     ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   02 00 00 00 09 00 09 00   NTLMSSP. ........
[0010]   28 00 00 00 07 82 08 A2   B0 9C FB 05 44 55 C0 B0   ........ ....DU..
[0020]   00 00 00 00 00 00 3A 00   57 4F 52 4B 47 52 4F 55   ........ WORKGROU
[0030]   50                                                  P
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   06 01 B1 1D 00 00 00 0F   00 00                     ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   02 00 00 00 09 00 09 00   NTLMSSP. ........
[0010]   28 00 00 00 07 82 08 A2   9E 39 F7 CA B8 D6 E3 5B   ........ .9......
[0020]   00 00 00 00 00 00 3A 00   57 4F 52 4B 47 52 4F 55   ........ WORKGROU
[0030]   50                                                  P
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   06 01 B1 1D 00 00 00 0F   00 00                     ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   02 00 00 00 09 00 09 00   NTLMSSP. ........
[0010]   28 00 00 00 07 82 08 A2   91 75 E8 52 06 47 96 B3   ........ .u.R.G..
[0020]   00 00 00 00 00 00 3A 00   57 4F 52 4B 47 52 4F 55   ........ WORKGROU
[0030]   50                                                  P
2014/10/07 13:33:26 kid1| Starting new ntlmauthenticator helpers...
2014/10/07 13:33:26 kid1| helperOpenServers: Starting 1/100 'ntlm_fake_auth' processes
ntlm_fake_auth.cc(176): pid=44513 :(ntlm_fake_auth) build Sep 21 2014, 12:04:04 starting up...
ntlm_fake_auth.cc(195): pid=44513 :Got 'YR' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   06 01 B1 1D 00 00 00 0F   00 00                     ........ ..
ntlm_fake_auth.cc(217): pid=44513 :sending 'TT' to squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   02 00 00 00 09 00 09 00   NTLMSSP. ........
[0010]   28 00 00 00 07 82 08 A2   4E 9D 7A A4 CD 3E F1 0D   ........ N.z.....
[0020]   00 00 00 00 00 00 3A 00   57 4F 52 4B 47 52 4F 55   ........ WORKGROU
[0030]   50                                                  P
ntlm_fake_auth.cc(195): pid=44513 :Got 'KK' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   06 01 B1 1D 00 00 00 0F   00 00                     ........ ..
ntlmauth.cc(96): pid=44513 :ntlm_validate_packet: type is 1, wanted 3
ntlm_fake_auth.cc(237): pid=44513 :sending 'BH wrong packet type! user=' to squid
2014/10/07 13:34:28 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: wrong packet type! user=; }}
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   01 00 00 00 07 82 08 A2   NTLMSSP. ........
[0010]   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0020]   06 01 B1 1D 00 00 00 0F   00 00                     ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000]   4E 54 4C 4D 53 53 50 00   02 00 00 00 09 00 09 00   NTLMSSP. ........
[0010]   28 00 00 00 07 82 08 A2   DF 68 B2 DE A9 83 E3 DB   ........ .h......
[0020]   00 00 00 00 00 00 3A 00   57 4F 52 4B 47 52 4F 55   ........ WORKGROU
[0030]   50                                                  P
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users