Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 4737 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD Auth - received ntlmpkt with invalid signature

beth
Hi,

After i got a user authentication pop up (IE) serverll times i found this error 
"received ntlmpkt with invalid signature"
in the Content Filter log - but i can´t find any documantation.

does anybody know what the problem could be?

thx
tom


This thread was automatically locked due to age.
  • 0
    There's no mention of "ntlmpkt" anywhere on the internet - can you provide the exact wording?

    Version of Astaro?  Authentication mode?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    thats my problem ;-)

    authentication mode is ad sso - which works (in general) with proxy profiles. AD Server runs in 2003 Mode.

    heres the log entry:

    2009:08:31-06:44:06 asg01 httpproxy[3766]: [0xb2054760] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature: [W]
    2009:08:31-06:44:06 asg01 httpproxy[3766]: [0xb2054760] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature: [W]
    2009:08:31-06:44:06 asg01 httpproxy[3766]: [0xb2054760] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature: [W]
    2009:08:31-06:44:06 asg01 httpproxy[3766]: [0xb2054760] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature: [W]
  • 0
    Doh! - Sorry, I didn't see the AD in the title until just now.

    I remember a thread or two about authentication logins being required when they shouldn't have been.  You might try searching here.

    You might want to open a ticket with Astaro Support.  When you find the answer, please post back here.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Can you capture that with tcpdump and send it to me please? Looks like the Client sends some strange data - what browser are you using?

    Regards,

    Sven.
  • 0 in reply to svens
    i can´t see anything regarding this error in the tcpdump - but i ll send you the output (if you could give me your emai adr.)

    thx!
  • 0 in reply to beth
    Please write the tcpdump to a file, like the following example:

    tcpdump -ni any port 8080 -s0 -w http.pcap

    send it to sschnelle@astaro.com

    Thanks!
  • 0
    Any resolution to this? I am having the same problem. We just completely built an Astaro cluster from scratch (at Firmware version:  7.405). When I try to turn SSO on, I get that error. The connection to AD seems fine.
  • 0
    Having the same issue with my ASG 7.504:
    +++++++++++++++++++++++++++++++++++
    2010:05:18-08:32:12 iqsasl httpproxy[9084]: [0xb1d4a9c0] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature:  
    2010:05:18-08:32:12 iqsasl httpproxy[9084]: [0xb1d52090] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature:  
    2010:05:18-08:32:12 iqsasl httpproxy[9084]: [0xb1dc35c8] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature:  
    2010:05:18-08:32:12 iqsasl httpproxy[9084]: [0xb1d54eb0] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature:  
    2010:05:18-08:32:12 iqsasl httpproxy[9084]: [0xb1d4b090] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature:  
    +++++++++++++++++++++++++++++++++++

    Is there a solution to this issue?
  • 0
    According to BruceKConvergent: "If you don't use a FQDN to connect to the proxy, NTLM is what is used to authenticate [...]." So, in the browser's proxy configuration, try using an FQDN instead of the IP of "Internal (Address)".  That will cause authentication with Kerberos.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Yes, give that a try...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.