Bug 1194 - Squid-NTLM authentication unreliable
Squid-NTLM authentication unreliable
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: ntlm_auth tool
3.0.2a
All Solaris
: P3 major
: none
Assigned To: Andrew Bartlett
:
: 1475 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-17 05:33 UTC by Sergei V. Rozinov
Modified: 2005-08-24 10:24 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei V. Rozinov 2004-03-17 05:33:29 UTC
After updating samba from 3.0.1 to 3.0.2a
ntlm_auth in NTLMSSP squid 2.5 helper mode says
frequently (but not every time):

[2004/03/17 21:26:38, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(574)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/03/17 21:26:38, 2] lib/util.c:dump_data(1830)
  [000] 4E 54 4C 4D 53 53 50 00  03 00 00 00 18 00 18 00  NTLMSSP. ........
  [010] 55 00 00 00 18 00 18 00  6D 00 00 00 06 00 06 00  U....... m.......
  [020] 40 00 00 00 07 00 07 00  46 00 00 00 08 00 08 00  @....... F.......
  [030] 4D 00 00 00 00 00 00 00  85 00 00 00 06 02 00 00  M....... ........
  [040] 53 49 42 52 4F 4E 4B 4F  53 54 59 41 4E 48 45 4C  SIBRONKO STYANHEL
  [050] 50 44 45 53 4B 54 46 87  0B 9D 3A B4 1A 96 CD A5  PDESKTF. ..:.....
  [060] 02 02 79 82 EC 87 F7 62  C4 E0 5E B2 83 8F BD 42  ..y....b ..^....B
  [070] 78 BA A9 10 09 10 72 CE  9E 3C 2B A2 D6 2C 25 C6  x.....r. .<+..,%.
  [080] 94 AD 73 74 EE                                    ..st. 

The PC is Win2K PRO workstation with SP4 and all latest Windows Update
critical patches installed. Any ideas?
Comment 1 Andrew Bartlett 2004-03-24 04:50:25 UTC
Just a note to say I've seen this, and that I think it's probably real.  

I'll copy out your log extract, and see what I can make break.  NTLMSSP is fun! ;-)
Comment 2 Andrew Bartlett 2004-06-23 16:40:34 UTC
*** Bug 1475 has been marked as a duplicate of this bug. ***
Comment 3 Gerald (Jerry) Carter 2004-10-31 14:23:18 UTC
Andrew, is this fixed ?
Comment 4 Shane McMaster 2004-12-07 19:42:18 UTC
Still seeing this with Samba 3.0.9 & Squid 2.5-STABLE7.

Debug from cache.log reports

Got 'KK <Truncated>' from squid (length: 139).
Got user=[<User>] domain=[<Domain>] workstation=[] len1=24 len2=0

From what I can see this doesn't look to be related to Samba, I saw there was a
bug fixed on Stable7 related to truncated NTLM auth, not sure how to go about
pinpointing it back to Squid or maybe a Windows error.

Any ideas?
Comment 5 Gerald (Jerry) Carter 2005-02-09 08:41:32 UTC
andrew, please update this somehow.  Still working on it.  
wont fix. etc...  thanks.
Comment 6 Andrew Bartlett 2005-02-19 02:12:57 UTC
I don't think comment #4 belongs here - that shows the 'auth' packet being
parsed correctly, and so is some other error.  

The initial report my be a truncated blob, rather than anything more intersting.
 (ie, try again with current Squid 2.5 STABLE8).
Comment 7 Andrew Bartlett 2005-02-19 02:39:44 UTC
Original reporter did not indicate that authenication failed, so I tend to think
that the issue is one of cosmetics. 

I've removed a bogus printing of the 'NTLMSSP parse failed' line from current
SVN, and as such I think this is fixed.
Comment 8 Gerald (Jerry) Carter 2005-08-24 10:24:42 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.