[squid-users] ntlmssp: bad ascii: ffffffab (Lan Manager auth broken?)

[Kinkie]

er.. are you not using the helper provided by Samba? That is the most
reliable way to do NTLM authentication in squid (and most other Linux
software)

On Mon, Oct 6, 2014 at 11:08 AM, Victor Sudakov
<sudakov at sibptus.tomsk.ru> wrote:
> Francesco,
>
> What do you mean by "client"? Absolutely everything in this lab setup
> is the same, including the browser.
>
> The only difference is the ntlm plugin binary (ntlm_auth taken from
> the old squid and ntlm_smb_lm_auth from the new one).
>
> In fact, I replaced the binary and restarted squid.
>
> Kinkie wrote:
>> Whoops, sorry for the empty message.
>> This seems like a broken client. Can you check whether the client
>> sending that was a legitimate one?
>>
>> On Mon, Oct 6, 2014 at 10:24 AM, Victor Sudakov
>> <sudakov at sibptus.tomsk.ru> wrote:
>> > Colleagues,
>> >
>> > The NTLM (LM) plugin in squid27 worked perfectly while the NTLM plugin in
>> > squid34 is obviously broken.
>> >
>> > I am attaching two log files, one of the old plugin and the other of
>> > the new one. Could someone please have a look at bad-ntlm.log to see
>> > why ntlm_smb_lm_auth does not work any more after upgrading to 34?
>> >
>> > What does this failure
>> >
>> > ntlmssp: bad ascii: ffffffab
>> > No auth at all. Returning no-auth
>> > ntlm_smb_lm_auth.cc(531): pid=16346 :sending 'NA Logon Failure' to squid
>> >
>> > actually mean?
>> >
>> > I know that LM is bad and insecure, but I cannot give it up for the
>> > present in the production environment until I make Kerberos
>> > (negotiate) work.
>> >
>> > --
>> > Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
>> > sip:sudakov at sibptus.tomsk.ru
>> >
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>> >
>>
>>
>>
>> --
>>     Francesco
>
> --
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru



-- 
    Francesco