Bug 182715

Summary: Squid-NTLM authentication unreliable
Product: Red Hat Enterprise Linux 3
Reporter: Protechta <rhn>
Component: samba
Assignee: Simo Sorce <ssorce>
Status: CLOSED WONTFIX
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 3.0
CC: samba-bugs-list
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-10-19 18:47:04 UTC

Description Protechta 2006-02-24 08:53:02 UTC
Description of problem:
I am using Squid (squid-2.5.STABLE3) on Red Hat EL 3.  I
am using the ntlm_auth for ntlm authentication in squid.  From time to time, as
users are surfing, they receive a user/password/domain dialog (if they are a
domain member they should never see this).  In debug.log, I see the
following logs:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(573)
  ntlmssp_server_auth: failed to parse NTLMSSP:
I think this bug has already been reported in Samba Bugzilla (bugs 1194/1475).
Is the patch for this bug included in the updated Red Hat EL 3 RPM?

Version-Release number of selected component (if applicable):
RHEL version is: Red Hat Enterprise Linux ES release 3 (Taroon Update 6)
Samba version: samba-3.0.9-1.3E.5
Squid version: squid-2.5.STABLE3-6.3E.14


How reproducible:
I don't know exactly how to reproduce this bug because the problem happens from
time to time.

Steps to Reproduce:
1. Configure Samba to join an active Windows domain.
2. Configure Squid to use NTLM authentication using the ntlm_auth helper
included in the samba package.
  
Comment 1 Andrew Bartlett 2006-12-27 04:24:39 UTC
Do the times line up with password popups?

The NTLMSSP authentication process isn't very reliable, due to the stateful
nature of the whole process.  A later version of Samba might fix some of the
issues (providing a much more reliable winbindd), in particular it also removes
a bogus 

ntlmssp_server_auth: failed to parse NTLMSSP:

line from being output into the logs.

Andrew Bartlett
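
To check whether the log times line up with the password popups, as asked in comment 1, the Samba log can be parsed and compared with the times users report. The following is an added example, not code from the report, Samba or Squid. It assumes the two-line record layout quoted in the description; the third log record, the popup times and the 30-second window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Samba debug header as quoted above: [YYYY/MM/DD HH:MM:SS, level] file:function(line)
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)")

def parse_samba_log(text):
    """Return (timestamp, function, message) for each multi-line log record."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            current = [ts, m.group(4), []]
            records.append(current)
        elif current is not None and line.strip():
            current[2].append(line.strip())  # indented continuation line
    return [(ts, fn, " ".join(msg)) for ts, fn, msg in records]

def ntlmssp_failures(text):
    """Distinct timestamps of parse failures; the same failure is logged
    from two source lines (549 and 573), so duplicates are collapsed."""
    return sorted({ts for ts, fn, msg in parse_samba_log(text)
                   if "failed to parse NTLMSSP" in msg})

def lines_up(popup_times, failures, window=timedelta(seconds=30)):
    """Map each reported popup time to the failures within +/- window."""
    return {p: [f for f in failures if abs(f - p) <= window] for p in popup_times}

# First two records are from the report; the third is constructed.
SAMPLE_LOG = """\
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(573)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2006/01/09 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
"""

if __name__ == "__main__":
    # Constructed popup times, as a user might report them.
    popups = [datetime(2006, 1, 9, 12, 18, 41), datetime(2006, 1, 9, 13, 5, 0)]
    for popup, hits in lines_up(popups, ntlmssp_failures(SAMPLE_LOG)).items():
        print(popup, "->", hits or "no failure logged nearby")
```

A popup with no failure nearby, or failures with no popup, suggests the log line is unrelated to the prompts.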

Comment 2 RHEL Program Management 2007-10-19 18:47:04 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet those criteria, it is now being closed.
 
For more information on the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.