Re: [squid-users] unexpected state in AuthenticateNTLMFixErrorHea der (squid crash) from Henrik Nordstrom on 2001-05-01 (squid-dev)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 01 May 2001 18:06:12 +0200

Sounds like a bug in the NTLM code.

Boris: Which date is this 2.5 version from (you seem to be using a
version downloaded via CVS, not a snapshot version. The snapshot
versions include the snapshot date in the version string).

Robert: Any comment on what might be causing this?

--
Henrik
Boris Segal wrote:
> 
> Hi Henrik
> 
> We are using squid proxy (Version 2.5) on Solaris 2.8 X86 platform.
> the squid run with NTLM authentication mode for internal users
> authentication - this works fine.
> But, When trying to access web sites that require user Authentication
> (proxiing Basic Authentication) we failed.
> site for example: http://www.baker.edu/administration/ininfo/
> we get : The page cannot be displayed error page
> when not using the NTLM Authentication on the proxy we manage to get to
> those sites.
> (https sites and sites that run a cgi authentication works fine also - the
> problem exist only when the other side require
> In the squid debug log we get :
> 
> 2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
> 2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
> 2001/03/18 12:13:03| WARNING: Closing open FD 17
> 2001/03/18 12:13:03| Finished. Wrote 20005 entries.
> 2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
> FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
> Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
> It seems that squid doing a restart to himself during this problem, that's
> why we get the error : the page can't be displayed.
> 
> Have You Any idea ?
> 
> Thank you,
> 
> Boris Segal
> 
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Tuesday, May 01, 2001 4:13 PM
> To: Garner, Robin
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] unexpected state in AuthenticateNTLMFixErrorHea
> der (squid crash)
> 
> Garner, Robin wrote:
> >
> > The other problem is that you can't access some Internet sites that
> > require authorization - the proxy doesn't seem to proxy the
> > authorization request.  I'm not sure what authentication methods are
> > affected.
> 
> NTLM authentication cannot be proxied due to a design flaw by MS in NTLM
> authentication.
> 
> Basic and Digest authentication should be proxied fine, and should also
> work fine even if you are using NTLM authentication to authenticate to
> the proxy.
> 
> --
> Henrik Nordstrom
> Squid Hacker

Received on Tue May 01 2001 - 10:08:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:58 MST