[squid-users] ntlmssp: bad ascii: ffffffab (Lan Manager auth broken?)
Victor Sudakov
sudakov at sibptus.tomsk.ru
Tue Oct 7 06:40:38 UTC 2014
Amos Jeffries wrote:
> >
> >>> Apparently so, but as I said, the very same client software
> >>> does work with the old "ntlm_auth" helper and does not work
> >>> with the new ntlm_smb_lm_auth one.
> >>>
> >>> That's why I am saying that the problem is on the
> >>> authenticator side and not on the client side.
> >>
> >> The client is sending corrupt packets. Old authenticator did not
> >> check for the corruption. New one does.
> >
> > Which renders the new authenticator useless, at least for me.
> >
> >>
> >> Client is still sending corrupt packets, which is why both the
> >> developers have said the problem is in the client.
> >
> > The developers could have at least provided the option of
> > compatibility with the old bugs :) There is the old good
> > programming creed "be conservative about what you send and liberal
> > about what you receive".
> >
>
> The packet *is* accepted. It's the security privileges which are denied.
>
> If you want to accept anything the client sends regardless of the
> credentials accuracy there is ntlm_fake_auth.

No, ntlm_fake_auth does not work either. It keeps giving

"HTTP/1.1 407 Proxy Authentication Required"
Proxy-Authenticate: NTLM

and the browser keeps asking for user credentials.
Authentication is never successful/complete with this plugin.
I'm attaching the debug log.

> Using ntlm_fake_auth to retrieve the Windows user account name you can
> use an external_acl_type helper to take that name and other
> fixed-point details about the client machine (IP, port, ident? etc)
> and assign access privileges for them more securely than SMB LM.

It would be a good idea if only ntlm_fake_auth worked.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
-------------- next part --------------
ntlm_fake_auth.cc(176): pid=44500 :(ntlm_fake_auth) build Sep 21 2014, 12:04:04 starting up...
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 05 01 28 0A 00 00 00 0F 00 00 ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 NTLMSSP. ........
[0010] 28 00 00 00 07 82 08 A2 4E 9D 7A A4 CD 3E F1 0D ........ N.z.....
[0020] 00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 ........ WORKGROU
[0030] 50 P
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 06 01 B1 1D 00 00 00 0F 00 00 ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 NTLMSSP. ........
[0010] 28 00 00 00 07 82 08 A2 B0 9C FB 05 44 55 C0 B0 ........ ....DU..
[0020] 00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 ........ WORKGROU
[0030] 50 P
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 06 01 B1 1D 00 00 00 0F 00 00 ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 NTLMSSP. ........
[0010] 28 00 00 00 07 82 08 A2 9E 39 F7 CA B8 D6 E3 5B ........ .9......
[0020] 00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 ........ WORKGROU
[0030] 50 P
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 06 01 B1 1D 00 00 00 0F 00 00 ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 NTLMSSP. ........
[0010] 28 00 00 00 07 82 08 A2 91 75 E8 52 06 47 96 B3 ........ .u.R.G..
[0020] 00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 ........ WORKGROU
[0030] 50 P
2014/10/07 13:33:26 kid1| Starting new ntlmauthenticator helpers...
2014/10/07 13:33:26 kid1| helperOpenServers: Starting 1/100 'ntlm_fake_auth' processes
ntlm_fake_auth.cc(176): pid=44513 :(ntlm_fake_auth) build Sep 21 2014, 12:04:04 starting up...
ntlm_fake_auth.cc(195): pid=44513 :Got 'YR' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 06 01 B1 1D 00 00 00 0F 00 00 ........ ..
ntlm_fake_auth.cc(217): pid=44513 :sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 NTLMSSP. ........
[0010] 28 00 00 00 07 82 08 A2 4E 9D 7A A4 CD 3E F1 0D ........ N.z.....
[0020] 00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 ........ WORKGROU
[0030] 50 P
ntlm_fake_auth.cc(195): pid=44513 :Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 06 01 B1 1D 00 00 00 0F 00 00 ........ ..
ntlmauth.cc(96): pid=44513 :ntlm_validate_packet: type is 1, wanted 3
ntlm_fake_auth.cc(237): pid=44513 :sending 'BH wrong packet type! user=' to squid
2014/10/07 13:34:28 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: wrong packet type! user=; }}
ntlm_fake_auth.cc(195): pid=44500 :Got 'YR' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 NTLMSSP. ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 06 01 B1 1D 00 00 00 0F 00 00 ........ ..
ntlm_fake_auth.cc(217): pid=44500 :sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 NTLMSSP. ........
[0010] 28 00 00 00 07 82 08 A2 DF 68 B2 DE A9 83 E3 DB ........ .h......
[0020] 00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 ........ WORKGROU
[0030] 50 P
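
Added example (not part of the original post and not Squid's own code): a small Python decoder for the NTLMSSP headers shown in the helper dump above, which checks the message type against the helper command it arrived with. The byte strings are copied from the log; the YR/TT/KK-to-type mapping is an assumption taken from the NTLM handshake order and the "wanted 3" line in the log, and the function names are illustrative.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
# Assumed mapping: NTLM message type each helper command should carry
# (negotiate, challenge, authenticate).
EXPECTED_TYPE = {"YR": 1, "TT": 2, "KK": 3}

# Bytes copied from the hex dump in the attached log.
TYPE1 = bytes.fromhex(
    "4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 08 A2 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "06 01 B1 1D 00 00 00 0F 00 00")
TYPE2 = bytes.fromhex(
    "4E 54 4C 4D 53 53 50 00 02 00 00 00 09 00 09 00 "
    "28 00 00 00 07 82 08 A2 4E 9D 7A A4 CD 3E F1 0D "
    "00 00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 "
    "50")

def parse_ntlmssp(raw: bytes) -> dict:
    """Decode the fixed header fields of an NTLMSSP message."""
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", raw, 8)   # little-endian type field
    msg = {"type": mtype}
    if mtype == 1 and len(raw) >= 16:
        (msg["flags"],) = struct.unpack_from("<I", raw, 12)
    elif mtype == 2 and len(raw) >= 32:
        # Target-name security buffer (len, maxlen, offset), then flags.
        name_len, _max, name_off, flags = struct.unpack_from("<HHII", raw, 12)
        if name_off + name_len > len(raw):
            raise ValueError("target name runs past end of message")
        msg["flags"] = flags
        msg["challenge"] = raw[24:32].hex()
        # The dump on this page carries the name as single-byte text.
        msg["target"] = raw[name_off:name_off + name_len].decode("ascii", "replace")
    return msg

def check_helper_input(command: str, raw: bytes) -> str:
    """Return 'ok' or a mismatch string in the style of ntlm_validate_packet."""
    want = EXPECTED_TYPE[command]
    got = parse_ntlmssp(raw)["type"]
    return "ok" if got == want else f"type is {got}, wanted {want}"

if __name__ == "__main__":
    print("YR:", check_helper_input("YR", TYPE1))
    print("KK:", check_helper_input("KK", TYPE1))  # the failing exchange in the log
    print("TT:", parse_ntlmssp(TYPE2))
```

Run against the log's bytes, the KK case reproduces the "type is 1, wanted 3" result: the packet delivered with KK is byte-for-byte the same negotiate message that arrived with YR.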