If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Proxy: Add UI option to not use NTLM on Windows (squid problems)

RESOLVED INCOMPLETE

Status

()

Core
Networking
--
enhancement
RESOLVED INCOMPLETE
14 years ago
2 years ago

People

(Reporter: nathanc, Unassigned)

Tracking

Trunk
x86
Windows 2000
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [ntlm-auth])

Attachments

(1 attachment)

39.59 KB, text/plain
Details
(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3.1) Gecko/20030425
Build Identifier: http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.4/

I was excited to download and start using 1.4 when it came out, however I had a
problem using it.

I couldn't get the authentication popup to stop comming up. I have been using
Mozilla exclusively since 1.1. It has worked fine in my corporate environment
until 1.4 (Windows) started using NTLM authentication.

I couldn't find an option in the preferences to disable NTLM so that I could use
the older authentication method (and therefore get access to the Web).

Our SysAdmins state "Internet Explorer is our only sanctioned browser, use it."
But I refuse.  I have downgraded to Mozilla 1.3.1 until I can switch off NTLM or
until the SysAdmins bend and try to find out why NTLM is failing.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.




I can't tell you what version of what firewall, proxy server, or NTLM we are
using, or even the vendors.  I am just a programmer and am not privy to the
details of our corporate network.

Comment 1

14 years ago
why don't you use proper credentials instead ?
Just use the username field as "DOMAIN\username" and your standard password.
Whiteboard: [ntlm-auth]
(Reporter)

Comment 2

14 years ago
Oliver, thanks for the suggestion.

However, it didn't work, I just got a "Cache Access Denied" error from our 
proxy/firewall.

But I did get more information on our proxy/firewall. It's running 
squid/2.5.STABLE3.

Our SysAdmins have been messing around with the NTLM settings on the 
proxy/firewall in an attempt to make it more secure. So I'm not sure that we 
have a "standard" installation of anything.

Is there a user preference setting in the prefs.js file or elsewhere to disable 
NTLM in the mean time?

Comment 3

14 years ago
use latest nightly build http://ftp.mozilla.org/pub/mozilla/nightly/latest and
provide a HTTP log from the failing session (only), see instructions here:
http://www.mozilla.org/projects/netlib/http/http-debugging.html

Comment 4

14 years ago
there is no pref to disable NTLM, but you can manually edit the file
"compreg.dat" stored in the "components" directory and remove the line that
looks like:

@mozilla.org/network/http-authenticator;1?scheme=ntlm,{blah-blah-blah-blah}

darin

Comment 5

14 years ago
nathanc: i suspect you are experiencing bug 211843.
Depends on: 211843
(Reporter)

Comment 6

14 years ago
Created attachment 129599 [details]
Log File

This is the log file requested by Olivier Cahagne in Comment 3.
(Reporter)

Comment 7

14 years ago
Thanks Darin.

The removal of the NTLM Authenticator Line worked.

I hope that it is Bug 211843, this will help me convince the SysAdmins to fix
the proxy/firewall.

The Log file I attached should help you decipher the problem.

Comment 8

14 years ago
In another bug report, someone does have this combination working. I'm trying to
get access to the documentation or steps for that config, because I want that
for my test farm.
Summary: Add UI option to not use NTLM on Windows → Proxy: Add UI option to not use NTLM on Windows (squid problems)

Comment 9

14 years ago
0[234008]:   InitializeSecurityContext returned [rc=-2146893054:]

this log file line is telling... this bug doesn't have anything to do with bug
211843 afterall.  from what i can tell (doing some googling.. don't have a MSVC
build environment handy), that error code is:

#define SEC_E_UNSUPPORTED_FUNCTION 0x80090302L

unfortunately, there isn't any more information about why that is the case.  or
in particular what function is not supported.  at least in this case, the server
is Squid, so maybe i can get a copy of squid setup with NTLM auth and see this
in action for myself.

seems to me that we have two bugs here: 1) add ui option, and 2) fix the bug. 
perhaps filing a new bug for the error code is the thing to do, or perhaps we
already have one on file, and it is just a matter of finding the right bug to
match this up with.
Status: UNCONFIRMED → NEW
No longer depends on: 211843
Ever confirmed: true
Target Milestone: --- → Future

Comment 10

14 years ago
squid 2.5-STABLE4 has been released... maybe it has some improvements that will
help this situation.

Comment 11

14 years ago
This may be one of Samba's NTLMSSP bugs :-)

Squid backs onto Samba for NTLMSSP in most installations.  If the setup was
Samba 3.0.1 backed, then this bug has probably been fixed, but should be raised
on the samba lists or against ntlm_auth in bugzilla.samba.org

Andrew Bartlett
Samba Team

Comment 12

11 years ago
-> default owner
Assignee: darin → nobody
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
Target Milestone: Future → ---
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.