1194 – Squid-NTLM authentication unreliable

Bug 1194 - Squid-NTLM authentication unreliable

Summary: Squid-NTLM authentication unreliable

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	ntlm_auth tool (show other bugs)
Version:	3.0.2a
Hardware:	All Solaris

Importance:	P3 major
Target Milestone:	none
Assignee:	Andrew Bartlett
QA Contact:

URL:
Keywords:

Duplicates (1):	1475 (view as bug list)
Depends on:
Blocks:

Reported:	2004-03-17 05:33 UTC by Sergei V. Rozinov
Modified:	2005-08-24 10:24 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergei V. Rozinov 2004-03-17 05:33:29 UTC

After updating samba from 3.0.1 to 3.0.2a
ntlm_auth in NTLMSSP squid 2.5 helper mode says
frequently (but not every time):

[2004/03/17 21:26:38, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(574)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/03/17 21:26:38, 2] lib/util.c:dump_data(1830)
  [000] 4E 54 4C 4D 53 53 50 00  03 00 00 00 18 00 18 00  NTLMSSP. ........
  [010] 55 00 00 00 18 00 18 00  6D 00 00 00 06 00 06 00  U....... m.......
  [020] 40 00 00 00 07 00 07 00  46 00 00 00 08 00 08 00  @....... F.......
  [030] 4D 00 00 00 00 00 00 00  85 00 00 00 06 02 00 00  M....... ........
  [040] 53 49 42 52 4F 4E 4B 4F  53 54 59 41 4E 48 45 4C  SIBRONKO STYANHEL
  [050] 50 44 45 53 4B 54 46 87  0B 9D 3A B4 1A 96 CD A5  PDESKTF. ..:.....
  [060] 02 02 79 82 EC 87 F7 62  C4 E0 5E B2 83 8F BD 42  ..y....b ..^....B
  [070] 78 BA A9 10 09 10 72 CE  9E 3C 2B A2 D6 2C 25 C6  x.....r. .<+..,%.
  [080] 94 AD 73 74 EE                                    ..st. 

The PC is Win2K PRO workstation with SP4 and all latest Windows Update
critical patches installed. Any ideas?

Comment 1 Andrew Bartlett 2004-03-24 04:50:25 UTC

Just a note to say I've seen this, and that I think it's probably real.  

I'll copy out your log extract, and see what I can make break.  NTLMSSP is fun! ;-)

Comment 2 Andrew Bartlett 2004-06-23 16:40:34 UTC

*** Bug 1475 has been marked as a duplicate of this bug. ***

Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-10-31 14:23:18 UTC

Andrew, is this fixed ?

Comment 4 Shane McMaster 2004-12-07 19:42:18 UTC

Still seeing this with Samba 3.0.9 & Squid 2.5-STABLE7.

Debug from cache.log reports

Got 'KK <Truncated>' from squid (length: 139).
Got user=[<User>] domain=[<Domain>] workstation=[] len1=24 len2=0

From what I can see this doesn't look to be related to Samba, I saw there was a
bug fixed on Stable7 related to truncated NTLM auth, not sure how to go about
pinpointing it back to Squid or maybe a Windows error.

Any ideas?

Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-02-09 08:41:32 UTC

andrew, please update this somehow.  Still working on it.  
wont fix. etc...  thanks.

Comment 6 Andrew Bartlett 2005-02-19 02:12:57 UTC

I don't think comment #4 belongs here - that shows the 'auth' packet being
parsed correctly, and so is some other error.  

The initial report my be a truncated blob, rather than anything more intersting.
 (ie, try again with current Squid 2.5 STABLE8).

Comment 7 Andrew Bartlett 2005-02-19 02:39:44 UTC

Original reporter did not indicate that authenication failed, so I tend to think
that the issue is one of cosmetics. 

I've removed a bogus printing of the 'NTLMSSP parse failed' line from current
SVN, and as such I think this is fixed.

Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:24:42 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.