Re: [squid-users] RE: Error with ntlm authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 14 May 2009 00:43:56 +1200

Delgado Contreras wrote:
> Hi,
>
> Yes, but why do I have an error 1000 in the proxy Event Viewer every time I try to open a web page?
>

Something is still broken on your client machine accessing the AD.

http://support.microsoft.com/kb/261007

Amos

>
> Verónica
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Wednesday, 13 May 2009 14:24
> To: "Delgado Contreras"; Delgado Contreras, Verónica
> CC: Guido Serassio; squid-users_at_squid-cache.org
> Subject: Re: [squid-users] RE: Error with ntlm authentication
>
> Delgado Contreras wrote:
>> Hi,
>>
>> I have solved the Error 1054. But I also have this error.
>>
>> Type: Error
>> User: N/A
>> Source: Application Error
>> Category: (100)
>> EventID: 1000
>>
>> Description:
>>
>> Faulting application mswin_ntlm_auth.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.3790.3959, fault address 0x00037e23.
>>
>> For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
>>
>>
>>
>> This is my configuration in squid.conf:
>>
>> auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe -d
>> auth_param ntlm children 50
>> auth_param basic program c:/squid/libexec/mswin_ntlm_auth.exe -d
>> auth_param basic children 50
>> auth_param basic keep_alive on
>> auth_param ntlm keep_alive on
>> auth_param negotiate keep_alive on
>>
>> auth_param basic credentialsttl 5 minutes
>>
>> external_acl_type AD_global_group %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -D cajadeburgos.des -G -d
>>
>> acl GProxyUsers external AD_global_group c:/squid/etc/DomainUsers
>> acl dstcomun dstdomain "C:/squid/etc/comun.acl"
>> acl ntlm-users proxy_auth REQUIRED
>> http_access allow ntlm-users GProxyUsers
>>
>>
>> When a user opens a web page in a browser for the first time, the user and domain are sent and the proxy allows the page, but on the following requests the user and domain aren't sent, the proxy doesn't allow the page, and the Event Viewer Application log shows EventID 1000.
>>
>> It can be seen in the access.log file:
>>
>> 1242042166.237 782 172.24.4.123 TCP_MISS/302 612 GET http://go.microsoft.com/fwlink/? dodes\administrator DIRECT/64.4.52.189 text/html
>> 1242042166.831 593 172.24.4.123 TCP_MISS/403 1010 GET http://runonce.msn.com/runonce3.aspx dodes\administrator DIRECT/213.199.181.20 text/html
>> 1242042177.426 0 172.24.4.123 TCP_DENIED/407 1782 GET http://www.google.es/ - NONE/- text/html
>>
>
> This is correct behavior of Squid.
>
> 407 is request for missing credentials which have not been sent by the
> browser software. Expect it to be followed by an almost identical repeat
> request which succeeds.
>
> This document may be of some help figuring out what is going on:
> http://wiki.squid-cache.org/KnowledgeBase/NTLMAuthGoryDetails
>
>
> Amos
>
>> -----Original Message-----
>> From: Guido Serassio [mailto:guido.serassio_at_acmeconsulting.it]
>> Sent: Tuesday, 12 May 2009 19:46
>> To: Delgado Contreras, Verónica; squid-users_at_squid-cache.org
>> Subject: R: [squid-users] RE: Error with ntlm authentication
>>
>> Hi,
>>
>> The errors that you can see in the event log of your machine are not related to Squid, but are the symptom of some malfunction in the access to AD from the machine itself.
>> So likely any ntlm problem could be related.
>>
>> But, what is the helpers command line in squid.conf ?
>>
>> Regards
>>
>> Guido Serassio
>>
>> Acme Consulting S.r.l. - Microsoft Certified Partner
>> Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
>> Tel. : +39.011.9530135 Fax. : +39.011.9781115
>> Email: info_at_acmeconsulting.it
>> WWW: http://www.acmeconsulting.it/
>>
>>
>>
>>> -----Original Message-----
>>> From: Delgado Contreras, Verónica [mailto:vdelgado_at_cajadeburgos.es]
>>> Sent: Tuesday, 12 May 2009 8.20
>>> To: squid-users_at_squid-cache.org
>>> Subject: [squid-users] RE: Error with ntlm authentication
>>>
>>>
>>> Hello,
>>>
>>> I'm testing Squid 3 for Windows. I am trying to configure Squid with NTLM
>>> authentication but I have an error in Event Viewer - Application.
>>>
>>> Type: Error
>>> User: NT AUTHORITY\SYSTEM
>>> Computer: LOBO
>>> Source: Userenv
>>> Category: None
>>> Event ID: 1054
>>> Description:
>>> Windows cannot obtain the domain controller name for your computer network.
>>> (An unexpected network error occurred. ). Group Policy processing aborted.
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>>
>>>
>>>
>>>
>>> And the “cache.log” shows this:
>>>
>>>
>>>
>>> ntlm-auth[2828](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[2828](ntlm_auth.c:391): SSPI initialized OK
>>> ntlm-auth[796](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[796](ntlm_auth.c:391): SSPI initialized OK
>>> ntlm-auth[5620](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[5620](ntlm_auth.c:391): SSPI initialized OK
>>> ntlm-auth[2864](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[2864](ntlm_auth.c:391): SSPI initialized OK
>>> ntlm-auth[5644](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[5644](ntlm_auth.c:391): SSPI initialized OK
>>> 2009/05/11 12:56:47| helperOpenServers: Starting 5
>>> 'mswin_check_ad_group.exe' processes
>>> ntlm-auth[3248](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[3248](ntlm_auth.c:391): SSPI initialized OK
>>> ntlm-auth[5980](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[5980](ntlm_auth.c:391): SSPI initialized OK
>>> /mswin_check_ad_group.exe[3012]: Member of Domain DODES
>>>
>>> /mswin_check_ad_group.exe[3012]: Into forest cajadeburgos.des
>>>
>>> /mswin_check_ad_group.exe[3012]: External ACL win32 group helper build Mar
>>> 6 2009, 23:48:40 starting up...
>>>
>>> /mswin_check_ad_group.exe[3012]: Domain Global group mode enabled using
>>> 'cajadeburgos.de' as default domain.
>>>
>>> ntlm-auth[5664](ntlm_auth.c:385): c:/squid/libexec/mswin_ntlm_auth.exe
>>> build Mar 6 2009, 23:32:18 starting up...
>>> ntlm-auth[5664](ntlm_auth.c:391): SSPI initialized OK
>>> /mswin_check_ad_group.exe[1160]: Member of Domain DODES
>>>
>>> /mswin_check_ad_group.exe[1160]: Into forest cajadeburgos.des
>>>
>>> /mswin_check_ad_group.exe[1160]: External ACL win32 group helper build Mar
>>> 6 2009, 23:48:40 starting up...
>>>
>>> /mswin_check_ad_group.exe[1160]: Domain Global group mode enabled using
>>> 'cajadeburgos.de' as default domain.
>>>
>>> /mswin_check_ad_group.exe[3268]: Member of Domain DODES
>>>
>>> /mswin_check_ad_group.exe[3268]: Into forest cajadeburgos.des
>>>
>>> /mswin_check_ad_group.exe[3268]: External ACL win32 group helper build Mar
>>> 6 2009, 23:48:40 starting up...
>>>
>>> /mswin_check_ad_group.exe[3268]: Domain Global group mode enabled using
>>> 'cajadeburgos.de' as default domain.
>>>
>>> /mswin_check_ad_group.exe[5656]: Member of Domain DODES
>>>
>>> /mswin_check_ad_group.exe[5656]: Into forest cajadeburgos.des
>>>
>>> /mswin_check_ad_group.exe[5656]: External ACL win32 group helper build Mar
>>> 6 2009, 23:48:40 starting up...
>>>
>>> /mswin_check_ad_group.exe[5656]: Domain Global group mode enabled using
>>> 'cajadeburgos.de' as default domain.
>>>
>>> 2009/05/11 12:56:47| User-Agent logging is disabled.
>>> 2009/05/11 12:56:47| Referer logging is disabled.
>>> /mswin_check_ad_group.exe[3016]: Member of Domain DODES
>>>
>>> /mswin_check_ad_group.exe[3016]: Into forest cajadeburgos.des
>>>
>>> /mswin_check_ad_group.exe[3016]: External ACL win32 group helper build Mar
>>> 6 2009, 23:48:40 starting up...
>>>
>>> /mswin_check_ad_group.exe[3016]: Domain Global group mode enabled using
>>> 'cajadeburgos.de' as default domain.
>>>
>>> 2009/05/11 12:56:47| Unlinkd pipe opened on FD 428
>>> 2009/05/11 12:56:47| Local cache digest enabled; rebuild/rewrite every
>>> 3600/3600 sec
>>> 2009/05/11 12:56:47| Swap maxSize 1024000 KB, estimated 78769 objects
>>> 2009/05/11 12:56:47| Target number of buckets: 3938
>>> 2009/05/11 12:56:47| Using 8192 Store buckets
>>> 2009/05/11 12:56:47| Max Mem size: 8192 KB
>>> 2009/05/11 12:56:47| Max Swap size: 1024000 KB
>>> 2009/05/11 12:56:48| Version 1 of swap file with LFS support detected...
>>> 2009/05/11 12:56:48| Rebuilding storage in c:/squid/var/cache (CLEAN)
>>> 2009/05/11 12:56:48| Using Least Load store dir selection
>>> 2009/05/11 12:56:48| Set Current Directory to c:/squid/var/cache
>>> 2009/05/11 12:56:48| Loaded Icons.
>>> 2009/05/11 12:56:48| Accepting HTTP connections at 172.25.49.11, port 80,
>>> FD 434.
>>> 2009/05/11 12:56:48| HTCP Disabled.
>>> 2009/05/11 12:56:48| Ready to serve requests.
>>> 2009/05/11 12:56:48| Done reading c:/squid/var/cache swaplog (951 entries)
>>> 2009/05/11 12:56:48| Finished rebuilding storage from disk.
>>> 2009/05/11 12:56:48| 951 Entries scanned
>>> 2009/05/11 12:56:48| 0 Invalid entries.
>>> 2009/05/11 12:56:48| 0 With invalid flags.
>>> 2009/05/11 12:56:48| 951 Objects loaded.
>>> 2009/05/11 12:56:48| 0 Objects expired.
>>> 2009/05/11 12:56:48| 0 Objects cancelled.
>>> 2009/05/11 12:56:48| 0 Duplicate URLs purged.
>>> 2009/05/11 12:56:48| 0 Swapfile clashes avoided.
>>> 2009/05/11 12:56:48| Took 0.34 seconds (2766.19 objects/sec).
>>> 2009/05/11 12:56:48| Beginning Validation Procedure
>>> 2009/05/11 12:56:48| Completed Validation Procedure
>>> 2009/05/11 12:56:48| Validated 1927 Entries
>>> 2009/05/11 12:56:48| store_swap_size = 8024
>>> 2009/05/11 12:56:49| storeLateRelease: released 0 objects
>>> ntlm-auth[3376](ntlm_auth.c:227): Got 'YR
>>> TlRMTVNTUAABAAAAB7IIogUABQA3AAAADwAPACgAAAAFASgKAAAAD1czMDY0U0lTVEVNNDEyM0
>>> RPREVT' from Squid
>>> ntlm-auth[3376](ntlm_auth.c:183): attempting SSPI challenge retrieval
>>> ntlm-auth[3376](ntlm_auth.c:186): Got it
>>> ntlm-auth[3376](ntlm_auth.c:266): sending 'TT
>>> TlRMTVNTUAACAAAACgAKADgAAAAFgomiDSA9TjNm89EAAAAAAAAAAJQAlABCAAAABQLODgAAAA
>>> 9EAE8ARABFAFMAAgAKAEQATwBEAEUAUwABAAgATABPAEIATwAEACAAYwBhAGoAYQBkAGUAYgB1
>>> AHIAZwBvAHMALgBkAGUAcwADACoATABPAEIATwAuAGMAYQBqAGEAZABlAGIAdQByAGcAbwBzAC
>>> 4AZABlAHMABQAgAGMAYQBqAGEAZABlAGIAdQByAGcAbwBzAC4AZABlAHMAAAAAAA==' to
>>> squid
>>> ntlm-auth[3376](ntlm_auth.c:227): Got 'KK
>>> TlRMTVNTUAADAAAAGAAYAIoAAAAYABgAogAAAAoACgBIAAAAGgAaAFIAAAAeAB4AbAAAAAAAAA
>>> C6AAAABYKIogUBKAoAAAAPRABPAEQARQBTAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAVwAz
>>> ADAANgA0AFMASQBTAFQARQBNADQAMQAyADMAMpWZ5BGDLckAAAAAAAAAAAAAAAAAAAAA11H7te
>>> bZ4CuRk+g95Dm0zM6uiw9ortI2' from Squid
>>> ntlm-auth[3376](libntlmssp.c:269): checking domaicn: 'DODES', user:
>>> 'Administrator'
>>> /mswin_check_ad_group.exe[3012]: Got 'dodes%5Cadministrator
>>> c:/squid/etc/DomainUsers' from Squid (length: 46).
>>>
>>> /mswin_check_ad_group.exe[3012]: Valid_Global_Groups: checking group
>>> membership of 'dodes\administrator'.
>>>
>>> /mswin_check_ad_group.exe DsGetDcName() failed.'
>>>
>>> What can be the problem?
>>>
>>> Thanks.
>>>
>>>
>>> Verónica Delgado
>>> Depto. Sistemas
>>> CAJA DE BURGOS
>>> C: 947 258 495
>>> : vdelgado_at_cajadeburgos.es
>>>
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7
Received on Wed May 13 2009 - 12:44:34 MDT
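
Added example (not part of the original thread, and not Squid project code): a Python check for the access.log pattern discussed above, where a TCP_DENIED/407 challenge should be followed by a repeat request that carries credentials. It reports challenges that were never answered. The first three sample lines are the ones quoted in the thread; the 172.24.4.200 lines, the function names and the 5-second window are assumptions made for the example.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "ts client status url user")

# First three lines are quoted in the thread; the 172.24.4.200 lines are constructed.
SAMPLE_LOG = r"""
1242042166.237 782 172.24.4.123 TCP_MISS/302 612 GET http://go.microsoft.com/fwlink/? dodes\administrator DIRECT/64.4.52.189 text/html
1242042166.831 593 172.24.4.123 TCP_MISS/403 1010 GET http://runonce.msn.com/runonce3.aspx dodes\administrator DIRECT/213.199.181.20 text/html
1242042177.426 0 172.24.4.123 TCP_DENIED/407 1782 GET http://www.google.es/ - NONE/- text/html
1242042180.100 1 172.24.4.200 TCP_DENIED/407 1782 GET http://example.com/ - NONE/- text/html
1242042180.150 1 172.24.4.200 TCP_DENIED/407 2010 GET http://example.com/ - NONE/- text/html
1242042180.400 210 172.24.4.200 TCP_MISS/200 5120 GET http://example.com/ dodes\user1 DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        status = int(f[3].partition("/")[2])
        return Entry(float(f[0]), f[2], status, f[6], f[7])
    except ValueError:
        return None

def unanswered_challenges(lines, window=5.0):
    """Return 407 entries with no authenticated retry (same client and URL)
    within `window` seconds. NTLM normally produces one or two 407s and then
    a request logged with a user name; a 407 left alone means the browser
    never completed the handshake."""
    pending, stale = {}, []          # (client, url) -> list of open 407s
    for e in filter(None, map(parse_line, lines)):
        for key in list(pending):    # expire challenges older than the window
            if e.ts - pending[key][0].ts > window:
                stale.extend(pending.pop(key))
        key = (e.client, e.url)
        if e.status == 407:
            pending.setdefault(key, []).append(e)
        elif e.user != "-":          # authenticated retry answers the challenge
            pending.pop(key, None)
    for entries in pending.values():
        stale.extend(entries)
    return sorted(stale, key=lambda e: e.ts)

if __name__ == "__main__":
    for e in unanswered_challenges(SAMPLE_LOG.splitlines()):
        print(f"{e.ts:.3f} {e.client} got 407 for {e.url} and never retried with credentials")
```
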
