RE: [SQU] NTLM error report to squid dev

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 9 Mar 2001 14:53:54 +1100

Thanks for the bug report Adam. do you see the error consistently, or
just occasionally? If it's consistently, can you please clear your
cache.log, set debug to ALL,1 29,9 and run a request or two through
until that error appears?

Also what CVS branch are you using?

Thanks,
Rob
 

> -----Original Message-----
> From: Adam.Shields@psg-pinkerton.com
> [mailto:Adam.Shields@psg-pinkerton.com]
> Sent: Friday, March 09, 2001 1:41 PM
> To: squid-users@ircache.net
> Subject: [SQU] NTLM error report to squid dev
>
>
> hey folks, Adam again
>
> Setup NTLM to work on a squid 2.5 (3/8/2001 is the day I got
> the CVS tree)
> configured it using --enable-auth=ntlm and
> --enable-ntlm-auth-helpers=NTLMSSP
>
> compiled and installed fine.
>
> squid.conf is almost straight defaults,
>
> #Default:
> # http_port 3128
>
> #Default:
> # tcp_outgoing_address 255.255.255.255
> # udp_incoming_address 0.0.0.0
> # udp_outgoing_address 255.255.255.255
>
> #We recommend you to use at least the following line.
> hierarchy_stoplist cgi-bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> # cache_dir ufs /usr/local/squid/cache 100 16 256
>
> auth_param ntlm program /usr/local/squid/bin/ntlm_auth PSG1/PSGZDCS001
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl CONNECT method CONNECT
> acl acl_name proxy_auth REQUIRED
>
> http_access allow acl_name
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname PSGZLIN001
>
>
> The access.log file shows the username of the workstation I'm
> working from
> so I know it's at least reading the hash from the borwser
>
> 984094928.472 1220 10.7.2.22 TCP_MISS/200 6780 POST
> http://www.squid-cache.org/cgi-bin/swish-query.cgi psg1\shieldsad
> DIRECT/206.168.0.9 text/html
> 984094931.842 2 10.7.2.22 TCP_DENIED/407 1424 GET
> http://www.squid-cache.org/mail-archive/squid-users/200010/054
7.html NONE/-
text/html
984094931.851 5 10.7.2.22 TCP_DENIED/407 1490 GET
http://www.squid-cache.org/mail-archive/squid-users/200010/0547.html
NONE/-
text/html
984094932.093 242 10.7.2.22 TCP_MISS/200 8442 GET
http://www.squid-cache.org/mail-archive/squid-users/200010/0547.html
psg1\shieldsad DIRECT/206.168.0.9 text/html
984094980.721 888 10.7.2.22 TCP_MISS/200 4070 GET
http://www.squid-cache.org/mail-archive/squid-dev/200101/0283.html
psg1\shieldsad DIRECT/206.168.0.9 text/html

and now to the actual error

I receive the following when running ./squid -NCd3 with a debug_option
of
29,6
or what was suggested..

SessSetupAndX response. Action = 0
Error receiving response to SessSetupAndX
2001/03/08 18:53:43| authenticateNTLMDirection: called before NTLM
Authenticate. Report a bug to squid-dev.

I receive the last line a few times in the cache.log, and it's the same.
as well as the SessSetupAndX response error.

any help would be greatly appreiceated, if theres something I'm missing,
could you help me out?

Also, i read somewhere that the NTLM program would verify aginst a net
group
in NT, if so, is this an option you have to enable in the ntlm_auth
helper?

As alwaysyour help is appreiceated,
        Adam Shields
        Pinkerton Services Group

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Mar 08 2001 - 21:03:26 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:35 MST