[squid-users] squid 4 fails to authenticate using NTLM
zby at post.cz
zby at post.cz
Mon Jul 22 19:53:38 UTC 2019
My problem: my browser keeps on prompting for authentication.
Facts:
Debian 10 x86_64
squid-4.6 + samba-4.9
joined AD using "net ads join -U ...". OK.
wbinfo -t : OK
wbinfo -P or -p : OK
wbinfo -i userXYZ : returns data (OK)
wbinfo -g (well, fails to "deliver", too many users?)
smbclient -U userXYZ //host/share : works, logs me in
wbinfo -a domain\\user%pass:
plaintext password authentication succeeded
challenge/response password authentication failed
sqadmin at host13:~$ ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=ad
001
userw01 Passwd001
SPNEGO request [userw01 Passwd001] invalid prefix
BH SPNEGO request invalid prefix
squid/cache.log:
.....
2019/07/22 17:39:31.252 kid1| 11,2| client_side.cc(1323) parseHttpRequest:
HTTP Client REQUEST:
---------
CONNECT www.bing.com:443 HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like
Gecko
Host: www.bing.com
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIwAAABOAU4
BpAAAAAoACgBYAAAAEAAQAGIAAAAa....
DNT: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache
Content-Length: 0
----------
2019/07/22 17:39:31.253 kid1| 29,9| UserRequest.cc(57) valid: Validating
Auth::UserRequest '0x55eb35131d80'.
2019/07/22 17:39:31.253 kid1| 29,5| UserRequest.cc(77) valid: Validated.
Auth::UserRequest '0x55eb35131d80'.
2019/07/22 17:39:31.253 kid1| 29,9| UserRequest.cc(65) authenticated: user
not fully authenticated.
2019/07/22 17:39:31.253 kid1| 29,9| UserRequest.cc(332) authenticate: header
NTLM TlRMTVNTUAADAAAAGAAYAIwAAABOAU4.....
...
2019/07/22 17:39:31.256 kid1| 29,9| UserRequest.cc(254) authenticate: auth
state ntlm failed. NTLM TlRMTVNTUAADAAAAGAA....
Please advise.
Thank you.
Zbynek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190722/0e44c709/attachment.html>
More information about the squid-users
mailing list