On 11/08/11 20:55, Christian Gregoire wrote:
>
>
>> Check cache.log for any mentions of problems. Perhapse enable debugging
>> with -d on the helper to see if there is an issue with the validation.
>
>
> Thanks for the tip. Indeed, I've run squid with the -X flag and got a pretty
> clear error for that request, while everything's fine for the others :
>
> [...]
> 2011/08/10 18:22:54.040| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'AF expinet.colissimo'
> 2011/08/10 18:22:54.040| authenticateNTLMHandleReply: Successfully validated
> user via NTLM. Username 'expinet.colissimo'
> 2011/08/10 18:22:54.845| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'TT
> TlRMTVNTUAACAAAADAAMADAAAAAFgomiVcvIuzNYgBwAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
>
> 2011/08/10 18:22:54.845| authenticateNTLMHandleReply: Need to challenge the
> client with a server blob
> 'TlRMTVNTUAACAAAADAAMADAAAAAFgomiVcvIuzNYgBwAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
>
> 2011/08/10 18:22:54.854| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'AF expinet.colissimo'
> 2011/08/10 18:22:54.855| authenticateNTLMHandleReply: Successfully validated
> user via NTLM. Username 'expinet.colissimo'
> 2011/08/10 18:22:57.166| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'TT
> TlRMTVNTUAACAAAADAAMADAAAAAFgomiBYi9jX1PfFAAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
>
> 2011/08/10 18:22:57.166| authenticateNTLMHandleReply: Need to challenge the
> client with a server blob
> 'TlRMTVNTUAACAAAADAAMADAAAAAFgomiBYi9jX1PfFAAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
>
> 2011/08/10 18:22:57.176| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'AF expinet.colissimo'
> 2011/08/10 18:22:57.176| authenticateNTLMHandleReply: Successfully validated
> user via NTLM. Username 'expinet.colissimo'
> 2011/08/10 18:22:58.629| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'TT
> TlRMTVNTUAACAAAADAAMADAAAAAFgomi/vpkDjFtgzcAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
>
> 2011/08/10 18:22:58.629| authenticateNTLMHandleReply: Need to challenge the
> client with a server blob
> 'TlRMTVNTUAACAAAADAAMADAAAAAFgomi/vpkDjFtgzcAAAAAAAAAAHYAdgA8AAAAUABJAEMASABPAE4AAgAMAFAASQBDAEgATwBOAAEAEgBGAFcALQBNAEEAUwBUAEUAUgAEABgAcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAwAsAGYAdwAtAG0AYQBzAHQAZQByAC4AcABpAGMAaABvAG4ALgBsAG8AYwBhAGwAAAAAAA=='
>
> 2011/08/10 18:22:58.639| authenticateNTLMHandleReply: helper: '0x1d3ccc08' sent
> us 'NA NT_STATUS_NO_SUCH_USER'
> 2011/08/10 18:22:58.639| authenticateNTLMHandleReply: Failed validating user via
> NTLM. Error returned 'NT_STATUS_NO_SUCH_USER'
>
> The challenge might be wrongly generated by the client, though it'd be weird
> given the previous ones are correct. Or, if it's still related to the POST data
> length being zero, just to clear things up, do you know if it's (the POST data)
> used by the challenge generation algorithm?
POST data should be irrelevant. The helper is only working with an
failing to validate the Proxy-Authenticate header contents.
The trace you have above is Squids view of things. You need to send -d
to the helper itself (if available) to get the helpers view of whats
going on inside there.
>> What application is this? there are two bugs in those headers that need
>> reporting. Not related to your NTLM problems though.
>
>
> It's a Windows software, I don't know which client HTTP library is used.
Darn. Oh well.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10Received on Thu Aug 11 2011 - 09:22:38 MDT
This archive was generated by hypermail 2.2.0 : Fri Aug 12 2011 - 12:00:01 MDT