182715 – Squid-NTLM authentication unreliable

Bug 182715 - Squid-NTLM authentication unreliable

Summary: Squid-NTLM authentication unreliable

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	3.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Simo Sorce
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-02-24 08:53 UTC by Protechta
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-10-19 18:47:04 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Samba Project	1475	0	None	None	None	Never

Description Protechta 2006-02-24 08:53:02 UTC

Description of problem:
I am using Squid (squid-2.5.STABLE3) on Red Hat EL 3.  I
am using the ntlm_auth for ntlm authentication in squid.  From time to time, as
users are surfing, they receive a user/password/domain dialog (if they are a
domain member they should never see this).  In debug.log, I see the
following logs:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(573)
  ntlmssp_server_auth: failed to parse NTLMSSP:
I think this bug has been already reported in Samba Bugzilla (bugs 1194/1475).
Is the patch for this bug included in Red Hat EL 3 updated RPM?

Version-Release number of selected component (if applicable):
RHEL version is: Red Hat Enterprise Linux ES release 3 (Taroon Update 6)
Samba version: samba-3.0.9-1.3E.5
Squid version: squid-2.5.STABLE3-6.3E.14


How reproducible:
I don't know how exactly reproduce this bug because the problem happens from
time to time.

Steps to Reproduce:
1. Configure Samba to join an active windows domain.
2. Configure Squid to use NTLM authentication using the ntlm_auth helper
included in samba package.
  
Actual results:


Expected results:


Additional info:

Comment 1 Andrew Bartlett 2006-12-27 04:24:39 UTC

Do the times line up with password popups?

The NTLMSSP authentication process isn't very reliable, due to the stateful
nature of the whole process.  A later version of Samba might fix some of the
issues (providing a much more reliable winbindd), in particular it also removes
a bogus 

ntlmssp_server_auth: failed to parse NTLMSSP:

line from being output into the logs.

Andrew Bartlett

Comment 2 RHEL Program Management 2007-10-19 18:47:04 UTC

This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.