Hi Amos,

Could you let me know what are valid responses from the negotiate helper compared to ntlm helper? It seems I have to translate them.

Thank you
Markus


"Markus Moeller" <hua...@moeller.plus.com> wrote in message news:ilcv9m$kra$1...@dough.gmane.org...
Hi Amos,

When I use my wrapper I had to modify the samba ntlm_auth helper to return another AF string. I run 3.0.STABLE25 and
/usr/bin/ntlm_auth -V
Version 3.5.4-2489-SUSE-SL11.3


FATAL: authenticateNegotiateHandleReply: *** Unsupported helper response ***, 'AF WIN2003R2\administrator'

Would it be possible that the Negotiate reply handler accepts both formats ? I used

auth_param negotiate program /usr/sbin/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/sbin/squid_kerb_auth -d -s GSS_C_NO_NAME


Thank you
Markus


2011/03/10 22:44:34| negotiate_wrapper: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==' from squid (length: 59).
2011/03/10 22:44:34| negotiate_wrapper: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==' (decoded length: 40).
2011/03/10 22:44:34| negotiate_wrapper: received type 1 NTLM token
2011/03/10 22:44:34| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIAAAAAYABgAmAAAABIAEgBIAAAAGgAaAFoAAAAMAAwAdAAAAAAAAACwAAAABYKIogUCzg4AAAAPVwBJAE4AMgAwADAAMwBSADIAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBXADIASwAzAFIAMgCkBlG0MZTzRwAAAAAAAAAAAAAAAAAAAABFkwULOmCaiWNR/69aXr44O8ZJJ/pEwzE=' from squid (length: 239).
2011/03/10 22:44:34| negotiate_wrapper: Decode 'TlRMTVNTUAADAAAAGAAYAIAAAAAYABgAmAAAABIAEgBIAAAAGgAaAFoAAAAMAAwAdAAAAAAAAACwAAAABYKIogUCzg4AAAAPVwBJAE4AMgAwADAAMwBSADIAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBXADIASwAzAFIAMgCkBlG0MZTzRwAAAAAAAAAAAAAAAAAAAABFkwULOmCaiWNR/69aXr44O8ZJJ/pEwzE=' (decoded length: 176).
2011/03/10 22:44:34| negotiate_wrapper: received type 3 NTLM token
2011/03/10 22:44:35| storeDirWriteCleanLogs: Starting...
2011/03/10 22:44:35| WARNING: Closing open FD   25
2011/03/10 22:44:35|   Finished.  Wrote 2747 entries.
2011/03/10 22:44:35|   Took 0.00 seconds (1852326.37 entries/sec).
FATAL: authenticateNegotiateHandleReply: *** Unsupported helper response ***, 'AF WIN2003R2\administrator'

Squid Cache (Version 3.0.STABLE25): Terminated abnormally.
CPU Usage: 0.225 seconds = 0.017 user + 0.208 sys
Maximum Resident Size: 39392 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
       total space in arena:    3244 KB
       Ordinary blocks:         3163 KB      7 blks
       Small blocks:               0 KB      0 blks
       Holding blocks:          3664 KB     13 blks
       Free Small blocks:          0 KB
       Free Ordinary blocks:      80 KB
       Total in use:            6827 KB 210%
       Total free:                80 KB 2%
2011/03/10 22:44:38| Starting Squid Cache version 3.0.STABLE25 for i686-suse-linux-gnu...
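
The wrapper log above shows each request being base64-decoded and recognised as an NTLM type 1 or type 3 token. A sketch of that classification step in Python, as an added example that is not the negotiate_wrapper source: `classify_request` and the rule that any token without the NTLMSSP signature is routed to the Kerberos helper are assumptions; the first sample is the YR request from the log, the others are constructed.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

# First sample is the YR request from the log above; the other three are constructed.
SAMPLE_TYPE1 = "YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw=="
SAMPLE_TYPE3 = "KK " + base64.b64encode(
    NTLMSSP_SIGNATURE + struct.pack("<I", 3) + b"\x00" * 8).decode()
SAMPLE_OTHER = "YR " + base64.b64encode(b"\x60\x82\x01\x00" + b"\x00" * 12).decode()
SAMPLE_SHORT = "YR " + base64.b64encode(NTLMSSP_SIGNATURE + b"\x01").decode()


def classify_request(line):
    """Return (command, mechanism, ntlm_type, decoded_length) for one request line."""
    command, sep, blob = line.strip().partition(" ")
    if command not in ("YR", "KK") or not sep:
        raise ValueError("expected 'YR <base64>' or 'KK <base64>'")
    token = base64.b64decode(blob, validate=True)  # raises on non-base64 input
    if not token.startswith(NTLMSSP_SIGNATURE):
        # Assumption: anything without the NTLMSSP signature goes to the Kerberos helper.
        return command, "kerberos", None, len(token)
    if len(token) < 12:
        raise ValueError("NTLMSSP token too short to carry a message type")
    (msg_type,) = struct.unpack_from("<I", token, 8)  # little-endian type field
    if msg_type not in NTLM_TYPES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    return command, "ntlm", msg_type, len(token)


if __name__ == "__main__":
    for sample in (SAMPLE_TYPE1, SAMPLE_TYPE3, SAMPLE_OTHER):
        cmd, mech, ntlm_type, length = classify_request(sample)
        label = NTLM_TYPES.get(ntlm_type, "-")
        print("%s -> %s helper, type=%s (%s), decoded length %d"
              % (cmd, mech, ntlm_type, label, length))
```
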



"Amos Jeffries" <squ...@treenet.co.nz> wrote in message news:4c651eb3.6020...@treenet.co.nz...
Markus Moeller wrote:

"Amos Jeffries" <squ...@treenet.co.nz> wrote in message news:4c5187d2.5010...@treenet.co.nz...
Markus Moeller wrote:
Hi Amos,

Hi Amos


  How does your time look like now ?

Regards
Markus


Looks passable. I have not had time for a detailed view of the logics.
I'll commit this tomorrow with a name tweak, the naming scheme has been through the external acl helpers too now. I'll just tack ext_ on the front and _acl on the back of the existing binary name and update the docs to match.

One thing that worries me still is the RUN_IFELSE autoconf macros still being added to configure.in. I'm sure there is a macro that checked for defined values of things inside headers without running stuff. If you can try and find that it would be great not to have to run anything on build.


I have 4 RUN_IFELSE.

The first is to check that ldap works with the provided libraries. Is that unusual? Any other suggestion how to check?

Um, okay. That's reasonable on build. Duplicating at run-time may also be useful since the particular run-time libraries are not always the ones built against.

The other three are to determine the LDAP vendor, which is a define statement in one of the ldap header files and as it is a string in a define I can not use any header grep nor preprocessor checks (at least I do not know of any).

Nasty. Oh well.


Okay. Have applied to Squid-3.HEAD with the extra ext_*_acl bits on the binary name and docs for the current naming style.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.6
  Beta testers wanted for 3.2.0.1





