Re: [squid-users] Authorisation helper error message tracing
Hi, At 16.24 18/04/2006, Holton, Euan wrote: Good afternoon fellow Squid-users I'm currently running Squid 2.5STABLE13-NT on Windows 2000, and I get a fair number of these messages in cache.log: ntlm-auth[4176]: sending 'NA Incorrect Request Format' to squid Would I be correct in assuming that these messages are caused by incorrect client requests, as other than these messages NTLM authentication works well? If so, is there any debug level I can set via debug_options or even some other way to try and trace down what the offending clients are so I can go fix them? Turning on the -d setting for ntlm-auth doesn't really provide a great deal of information as to who it could be: ntlm-auth[1864]: attempting SSPI challenge retrieval ntlm-auth[1864]: Got it ntlm-auth[1864]: sending 'TT *some stuff that might be a hash*' to squid ntlm-auth[1864]: Got 'KK *some more hash-like stuff*' from Squid ntlm-auth[1864]: No domain supplied. Returning no-auth ntlm-auth[1864]: sending 'NA Incorrect Request Format' to squid This response from the helper is clear: There is an NTLM authentication request without domain, but the domain field is mandatory for NTLM authentication with the current ntlm-auth.exe helper. Some of your client is sending user credentials without domain, may be local users or a machine not member of the Windows domain. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
RE: [squid-users] Authorisation helper error message tracing
> >ntlm-auth[1864]: attempting SSPI challenge retrieval > >ntlm-auth[1864]: Got it > >ntlm-auth[1864]: sending 'TT *some stuff that might be a > hash*' to squid > >ntlm-auth[1864]: Got 'KK *some more hash-like stuff*' from Squid > >ntlm-auth[1864]: No domain supplied. Returning no-auth > >ntlm-auth[1864]: sending 'NA Incorrect Request Format' to squid > > This response from the helper is clear: > > There is an NTLM authentication request without domain, but the > domain field is mandatory for NTLM authentication with the current > ntlm-auth.exe helper. > > Some of your client is sending user credentials without domain, may > be local users or a machine not member of the Windows domain. Thanks for the response, Guido. That was as I thought - that it was a client sending some kind of bad credentials; still doesn't tell me *which* client though! And as authenticator log entries aren't time stamped I can't even try to correlate them with TCP_DENIED entries in access.log. As asked in the OP, is there a debug_level parameter that can be used to trace requests sent to authenticator helper processes? None of the candidates in debug-sections.txt seem quite right, unless section 28 is the one. Regards Euan
RE: [squid-users] Authorisation helper error message tracing
ons 2006-04-19 klockan 08:34 +0100 skrev Holton, Euan: > As asked in the OP, is there a debug_level parameter that can be used to > trace requests sent to authenticator helper processes? None of the > candidates in debug-sections.txt seem quite right, unless section 28 is > the one. I would use debug_options ALL,1 33,2 84,5 29,9 33 == client request processing. Will give you the requested URL making it easier to correlate with access.log. 84 == communication with helpers 29 == authenticators (ntlm/basic/digest etc..) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Authorisation helper error message tracing
> > As asked in the OP, is there a debug_level parameter that > can be used to > > trace requests sent to authenticator helper processes? None of the > > candidates in debug-sections.txt seem quite right, unless > section 28 is > > the one. > > I would use > > debug_options ALL,1 33,2 84,5 29,9 > > 33 == client request processing. Will give you the requested > URL making > it easier to correlate with access.log. > > 84 == communication with helpers > > 29 == authenticators (ntlm/basic/digest etc..) > > Regards > Henrik Thank you very much Henrik. Greatly appreciated! Regards Euan