The ntlm_auth fails to authenticate users of Internet Explorer under Windows 98, if is in squid helper mode with option --helper-protocol=squid-2.5-ntlmssp. Authentication of Windows 2000 clients are OK. Older versions of auth prg shipped with squid-2.5 for Samba-2.2.x still work for Windows 98. The helper under SQUID reports this: [2003/10/06 00:32:45, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(278) ntlmssp_server_auth: failed to parse NTLMSSP: [2003/10/06 00:32:45, 2] lib/util.c:dump_data(1825) [000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [010] 48 00 00 00 00 00 00 00 60 00 00 00 06 00 06 00 H....... `....... [020] 34 00 00 00 07 00 07 00 3A 00 00 00 07 00 07 00 4....... :....... [030] 41 00 00 00 53 49 42 52 4F 4E 4B 41 53 48 54 41 A...SIBR ONKASHTA [040] 4E 4B 41 53 48 54 41 4E EA 73 AA F0 99 ED FD 46 NKASHTAN .s.....F [050] 5C 66 C2 E3 CE 7F 62 3B 09 74 57 86 F4 1F 64 88 \f....b; .tW...d. Sincerely, Sergei V. Rozinov Senior RISC systems engineer Sibron Ltd, RUSSIA
Reassigning this to abartlet.
I'm having tha same problem. Windows 2000/XP/NT/Me, no Windows 98. Messages from W98 are different than those from NT/XP/2000. I solved the problem upgrading NTLM software in W98. These are some dumps. Windows 98: [000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [010] 51 00 00 00 00 00 00 00 69 00 00 00 08 00 08 00 Q....... i....... [020] 34 00 00 00 09 00 09 00 3C 00 00 00 0C 00 0C 00 4....... <....... [030] 45 00 00 00 53 49 53 54 45 4D 41 53 61 69 67 6C E...SIST EMASaigl [040] 65 73 69 61 73 41 52 51 2E 49 47 4C 45 53 49 41 esiasARQ .IGLESIA [050] 53 57 DA 59 07 B0 F4 68 5B CA 48 FD 0A D7 5B 0F SWÚY.°ôh [ÊHý.×[. [060] 83 3B B8 D7 D6 FC F2 57 FB .;¸×ÖüòW û Windows XP: [000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [010] 54 00 00 00 18 00 18 00 6C 00 00 00 08 00 08 00 T....... l....... [020] 40 00 00 00 05 00 05 00 48 00 00 00 07 00 07 00 @....... H....... [030] 4D 00 00 00 00 00 00 00 84 00 00 00 06 02 00 20 M....... ....... [040] 53 49 53 54 45 4D 41 53 42 41 52 43 45 41 4D 45 SISTEMAS BARCEAME [050] 52 49 43 41 1D 73 3A C4 CB D4 0B 8D 6A A0 02 AC RICA.s:Ä ËÔ..j .¬ [060] 01 88 CB C9 00 0E 1D 49 B1 8A 6B 32 11 6B 58 7F ..ËÉ...I ±.k2.kX. [070] 10 D9 A8 69 28 08 BA E0 45 5A C1 C7 1B 46 0E 48 .Ù¨i(.ºà EZÁÇ.F.H [080] C2 8C AA 51 Â.ªQ My manual decode of W98: protocol: [000] NTLMSSP\0 type: [008] 0x03 // type-3 message zero: [00A] 0x000000 lm_resp_len: [00C] 0x0018 (little endian) decimal: 24 lm_resp_len: [00E] 0x0018 (little endian) decimal: 24 lm_resp_off: [010] 0x0051 (little endian) zero: [012] 0x0000 nt_resp_len: [014] 0x0000 (ohh!! this should be nonzero, it seems W98 does not use it) nt_resp_len: [016] 0x0000 (ohh!! this should be nonzero, it seems W98 does not use it) nt_resp_off: [018] 0x0069 (little endian) zero: [01A] 0x0000 dom_len: [01C] 0x0008 (little endian) {SISTEMAS} dom_len: [01E] 0x0008 (little endian) dom_off: [020] 0x0034 (little endian) zero: [022] 0x0000 user_len: [024] 0x0009 (little endian) {aiglesias} user_len: [026] 0x0009 (little endian) user_off: [028] 0x003C (little endian) zero: [02A] 0x0000 host_len: [02C] 0x000C (little endian) decimal: 12 {ARQ.IGLESIAS} host_len: [02E] 0x000C (little endian) decimal: 12 host_off: [030] 0x0045 (little endian) zero: [032] 0x5453494300 (little endian) 6 bytes ... this should be 6-byte zeroes!!!! msg_len: [038] 0x4D45 ......... ohh this went to the hell!! Continue parsing it's useless!
While I still think this is a ntlm_auth bug problem can be solved upgrading NTLM support in Windows 98. There's a Knowledge base Article at Microsoft Support: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q239/8/69.ASP&NoWebContent=1 It worked for me. But I had to use 1 (not 3!!) at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibility
Thanks Carlos Alberto, Installation of the Directory Services Client (DSCLIENT.EXE) onto Windows 98 solves this problem completely. And I didn't use HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibility By the way, this reg value doesn't exist at all on my test workstation, and the authentication now works fine.
I've added information about KB article to the ntlm_auth man page in section TROUBLESHOOTING.
Currently, it does: if (!msrpc_parse(&request, parse_string, "NTLMSSP", &ntlmssp_command, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, &ntlmssp_state->domain, &ntlmssp_state->user, &ntlmssp_state->workstation, &sess_key, &neg_flags)) { DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n")); dump_data(2, (const char *)request.data, request.length); return NT_STATUS_INVALID_PARAMETER; } but Win9x clients don't send the session key or flag fields in the type 3 (as seen in the packet dump above): http://davenport.sourceforge.net/ntlm.html#theType3Message They also only do LM; the Directory Services client adds support for NTLMv2, and updates the type 3 format to the version used by newer clients. Don't know if this helps, but I was cruising by and saw this so I figured I'd put in my $.02 ;) Eric
I think this is fixed in current CVS, and in Samba 3.0.1 (however 3.0.1 may have other issues). I have allowed for a short parse, ignoring the trailing elements. Reopen this bug if you still have an issue.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup