[squid-users] ntlmssp: bad ascii: ffffffab (Lan Manager auth broken?)
Amos Jeffries
squid3 at treenet.co.nz
Tue Oct 7 07:31:36 UTC 2014
On 7/10/2014 7:40 p.m., Victor Sudakov wrote:
> Amos Jeffries wrote:
>>>
>>>>> Apparently so, but as I said, the very same client
>>>>> software does work with the old "ntlm_auth" helper and does
>>>>> not work with the new ntlm_smb_lm_auth one.
>>>>>
>>>>> That's why I am saying that the problem is on the
>>>>> authenticator side and not on the client side.
>>>>
>>>> The client is sending corrupt packets. Old authenticator did
>>>> not check for the corruption. New one does.
>>>
>>> Which renders the new authenticator useless, at least for me.
>>>
>>>>
>>>> Client is still sending corrupt packets, which is why both
>>>> the developers have said the problem is in the client.
>>>
>>> The developers could have at least provided the option of
>>> compatibility with the old bugs :) There is the old good
>>> programming creed "be conservative about what you send and
>>> liberal about what you receive".
>>>
>>
>> The packet *is* accepted. It's the security privileges which are
>> denied.
>>
>> If you want to accept anything the client sends regardless of
>> the credentials' accuracy there is ntlm_fake_auth.
>
> No, ntlm_fake_auth does not work either. It keeps giving
>
> "HTTP/1.1 407 Proxy Authentication Required" Proxy-Authenticate:
> NTLM
>
> and the browser keeps asking for user credentials. Authentication
> is never successful/complete with this plugin.
>
> I'm attaching the debug log.
>
Interesting log. Can you get a full-body packet trace to me privately?
That is captured by using tcpdump -s 0 or -s 65535 option.
And if possible the full cache.log contents?
Amos