Re: [squid-users] NTLMSSP_AUTH fails with WSUS 3.0SP2

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 09 Jun 2012 17:34:30 +1200

On 9/06/2012 7:38 a.m., Kevin Elliott wrote:
> I'm having the exact same issue as John Treen had back in February 2011 as found in the list archives. Unfortunately I couldn't find a corresponding solution.
>
> http://www.squid-cache.org/mail-archive/squid-users/201102/0008.html
>
>
> It appears that WSUS only sends the first character of the username, hostname and domain instead of the full string. This of course causes WSUS to fail the authentication challenge from Squid.
>
> 16.693705 199.58.55.61 -> 199.58.55.66 HTTP CONNECT stats.update.microsoft.com:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 16.693732 199.58.55.66 -> 199.58.55.61 TCP http-alt> 57476 [ACK] Seq=1 Ack=200 Win=6912 Len=0
> 16.694616 199.58.55.66 -> 199.58.55.61 TCP [TCP segment of a reassembled PDU]
> 16.694641 199.58.55.66 -> 199.58.55.61 HTTP HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
> 16.695567 199.58.55.61 -> 199.58.55.66 TCP 57476> http-alt [ACK] Seq=200 Ack=2921 Win=65536 Len=0
> 16.696041 199.58.55.61 -> 199.58.55.66 TCP 57476> http-alt [RST, ACK] Seq=200 Ack=4144 Win=0 Len=0
> 16.696182 199.58.55.61 -> 199.58.55.66 TCP 57477> http-alt [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8
> 16.696216 199.58.55.66 -> 199.58.55.61 TCP http-alt> 57477 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 WS=7
> 16.696417 199.58.55.61 -> 199.58.55.66 TCP 57477> http-alt [ACK] Seq=1 Ack=1 Win=65536 Len=0
> 16.696670 199.58.55.61 -> 199.58.55.66 HTTP CONNECT stats.update.microsoft.com:443 HTTP/1.1 , NTLMSSP_AUTH, User: C\u
>
>
> Does anyone know if there was a solution for this posted to the mailing list?

What would you expect Squid to do when the incorrect username/password
are sent?

It seems to me the WSUS help groups are the best place to find out why
this truncation behaviour is happening and how to fix it.

Amos
Received on Sat Jun 09 2012 - 05:34:46 MDT

This archive was generated by hypermail 2.2.0 : Sun Jun 10 2012 - 12:00:03 MDT