> >ntlm-auth[1864]: attempting SSPI challenge retrieval
> >ntlm-auth[1864]: Got it
> >ntlm-auth[1864]: sending 'TT *some stuff that might be a 
> hash*' to squid
> >ntlm-auth[1864]: Got 'KK *some more hash-like stuff*' from Squid
> >ntlm-auth[1864]: No domain supplied. Returning no-auth
> >ntlm-auth[1864]: sending 'NA Incorrect Request Format' to squid
> 
> This response from the helper is clear:
> 
> There is an NTLM authentication request without domain, but the 
> domain field is mandatory for NTLM authentication with the current 
> ntlm-auth.exe helper.
> 
> Some of your client is sending user credentials without domain, may 
> be local users or a machine not member of the Windows domain.

Thanks for the response, Guido.

That was as I thought - that it was a client sending some kind of bad
credentials; still doesn't tell me *which* client though!  And as
authenticator log entries aren't time stamped I can't even try to
correlate them with TCP_DENIED entries in access.log.

As asked in the OP, is there a debug_level parameter that can be used to
trace requests sent to authenticator helper processes?  None of the
candidates in debug-sections.txt seem quite right, unless section 28 is
the one.

Regards

Euan

Reply via email to