I am trying to get NTLM working. I have very limited knowledge in this
area.
I am using squid 2.5stable1.
I am trying to use the no_check.pl script supplied as a helper in
ntlm_auth to test with.
The browser [IE6] does not prompt for username etc, but give a not
authorised error. Mozilla on Linux prompts as expected.
A network trace shows [attached]
- the proxy is sending the NTLM and Basic Proxy-Authenticate headers
[with NTLM first]
- the client responds with a NTLM negotiate
- server responds with a NTLM challenge
no further communcation occurs and the browser displays a MS "page
cannot be displayed" error page.
ntlm program defined as [perl script moved to correct location etc]
auth_param ntlm program /etc/squid/no_check.pl
the only output of the no_check.pl script appears to be the TT [hash]
line, i.e it only seems to be getting passed a "YR"
any ideas?
many thanks
John
squid -v output
Squid Cache: Version 2.5.STABLE1
configure options: --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu
--target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr
--exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
--sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
--libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var
--sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
--libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
--enable-poll --enable-snmp --enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,ufs --enable-ssl
--with-openssl=/usr/kerberos --enable-delay-pools
--enable-linux-netfilter --with-pthreads --enable-auth=ntlm,basic
--enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group
John Blance
Technical Architect
Canterbury District Health Board
Direct Dial: 03 3378794
john.blance@cdhb.govt.nz
**********************************************************************
** This email and attachments have been scanned for content and viruses
and is believed to be clean **
This email or attachments may contain confidential or legally
privileged information intended for the sole use of the addressee(s).
Any use, redistribution, disclosure, or reproduction of this message,
except as intended, is prohibited. If you received this email in error,
please notify the sender and remove all copies of the message,
including any attachments. Any views or opinions expressed in this
email (unless otherwise stated) may not represent those of Canterbury
District Health Board
**********************************************************************
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:16 MST