-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 7/10/2014 8:31 p.m., Amos Jeffries wrote: > On 7/10/2014 7:40 p.m., Victor Sudakov wrote: >> Amos Jeffries wrote: >>>> >>>>>> Apparently so, but as I said, the very same client >>>>>> software does work with the old "ntlm_auth" helper and >>>>>> does not work with the new ntlm_smb_lm_auth one. >>>>>> >>>>>> That's why I am saying that the problem is on the >>>>>> authenticator side and not on the client side. >>>>> >>>>> The client is sending corrupt packets. Old authenticator >>>>> did not check for the corruption. New one does. >>>> >>>> Which renders the new authenticator useless, at least for >>>> me. >>>> >>>>> >>>>> Client is still sending corrupt packets, which is why both >>>>> the developers have said the problem is in the client. >>>> >>>> The developers could have at least provided the option of >>>> compatibility with the old bugs :) There is the old good >>>> programming creed "be conservative about what you send and >>>> liberal about what you receive". >>>> >>> >>> The packet *is* accepted. Its the security privileges which >>> are denied. >>> >>> If you want to accept anything the client sends regardless of >>> the credentials accuracy there is ntlm_fake_auth. > >> No, ntlm_fake_auth does not work either. It keeps giving > >> "HTTP/1.1 407 Proxy Authentication Required" Proxy-Authenticate: >> NTLM > >> and the browser keeps asking for user credentials. >> Authentication is never successful/complete with this plugin. > >> I'm attaching the debug log. > > > Interesting log. Can you get a full-body packet trace to me > privately? That is captured by using tcpdump -s 0 or -s 65535 > option. > > And if possible the full cache.log contents? Actually please run the fake-auth helper from 3.4.* with parameter -dv when doing that. It will dump the relevant NTLM details to cache.log. If you can also get a similar pair of traces from the SMB LM helper with option -d it might help investigation that issue as well. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUM5ouAAoJELJo5wb/XPRjJewIANMi9E9qlv6k5zdDSf+w14T9 AZtC/QEYKXl8cJU37BBy+bBqtAkXfd3XWJb7CNgDPc3UPFw6WS7caayybG+Eo5A4 bW1dT2hslViPN1Pt9GwFm1y8Xnoqm6+Fg0R8T7fTXBfQHyjxb7g4t5fo8lOqYUp1 r/9HQvJFaFjUPRQAp2lZJY/zLKpt3Vvz/Ch8t0ic6DMMtl3cA2QTLOGvy4bbHVLl NyRW0NuKYeU+Ek4DemlM/7y1eAZGaDCD8RwXGx9T01BpN5QI1dSQCbmuHhbtQsmH cXyxrd8m95qZ3ThB+Cnegk2ptQBemWXnZgvVsACzcZmca56W7rsiWGD8D7KZW2c= =4dfw -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
