> >ntlm-auth[1864]: attempting SSPI challenge retrieval
> >ntlm-auth[1864]: Got it
> >ntlm-auth[1864]: sending 'TT *some stuff that might be a
> hash*' to squid
> >ntlm-auth[1864]: Got 'KK *some more hash-like stuff*' from Squid
> >ntlm-auth[1864]: No domain supplied. Returning no-auth
> >ntlm-auth[1864]: sending 'NA Incorrect Request Format' to squid
>
> This response from the helper is clear:
>
> There is an NTLM authentication request without domain, but the
> domain field is mandatory for NTLM authentication with the current
> ntlm-auth.exe helper.
>
> Some of your client is sending user credentials without domain, may
> be local users or a machine not member of the Windows domain.
Thanks for the response, Guido.
That was as I thought - that it was a client sending some kind of bad
credentials; still doesn't tell me *which* client though! And as
authenticator log entries aren't time stamped I can't even try to
correlate them with TCP_DENIED entries in access.log.
As asked in the OP, is there a debug_level parameter that can be used to
trace requests sent to authenticator helper processes? None of the
candidates in debug-sections.txt seem quite right, unless section 28 is
the one.
Regards
Euan
Received on Wed Apr 19 2006 - 01:34:46 MDT
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT