Bug 182715 - Squid-NTLM authentication unreliable
Summary: Squid-NTLM authentication unreliable
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba   
(Show other bugs)
Version: 3.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2006-02-24 08:53 UTC by Protechta
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-19 18:47:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Samba Project 1475 None None None Never

Description Protechta 2006-02-24 08:53:02 UTC
Description of problem:
I am using Squid (squid-2.5.STABLE3) on Red Hat EL 3.  I
am using the ntlm_auth for ntlm authentication in squid.  From time to time, as
users are surfing, they receive a user/password/domain dialog (if they are a
domain member they should never see this).  In debug.log, I see the
following logs:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2006/01/09 12:18:30, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(573)
  ntlmssp_server_auth: failed to parse NTLMSSP:
I think this bug has been already reported in Samba Bugzilla (bugs 1194/1475).
Is the patch for this bug included in Red Hat EL 3 updated RPM?

Version-Release number of selected component (if applicable):
RHEL version is: Red Hat Enterprise Linux ES release 3 (Taroon Update 6)
Samba version: samba-3.0.9-1.3E.5
Squid version: squid-2.5.STABLE3-6.3E.14

How reproducible:
I don't know how exactly reproduce this bug because the problem happens from
time to time.

Steps to Reproduce:
1. Configure Samba to join an active windows domain.
2. Configure Squid to use NTLM authentication using the ntlm_auth helper
included in samba package.
Actual results:

Expected results:

Additional info:

Comment 1 Andrew Bartlett 2006-12-27 04:24:39 UTC
Do the times line up with password popups?

The NTLMSSP authentication process isn't very reliable, due to the stateful
nature of the whole process.  A later version of Samba might fix some of the
issues (providing a much more reliable winbindd), in particular it also removes
a bogus 

ntlmssp_server_auth: failed to parse NTLMSSP:

line from being output into the logs.

Andrew Bartlett

Comment 2 RHEL Product and Program Management 2007-10-19 18:47:04 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.