polygraph and NTLMSSP auth

Alex Rousskov rousskov at measurement-factory.com
Mon Jul 21 22:01:20 UTC 2008


On Mon, 2008-07-21 at 12:41 -0300, Marcos Dutra wrote:

> Thanks for the answer but, I think Polygraph not autenticate in my AD
> schema yet. How do I do? Well, when execute polysrv and I use a links
> browser in shell to connect in localhost:9090, polysrv output the
> connection, but when use polyclt, the polysrv don't output nothing.
> 
> According the site I put in simple.pg:
> credentials = ["domain+user at machine:password"]; -> don't work to
> autenticate
> pconn_use_lmt = zipf(64);
> 
> What's happen? I think this is a correct not?

The above portions of the Robot configuration and the console output you
sent earlier look correct to me. You will not get a connection on the
server side until the proxy authenticates the Polygraph robot. 

Since it is the proxy doing authentication with your AD, I would
recommend looking in the proxy logs for more clues. For Squid support,
see www.squid-cache.org; there may even be an FAQ entry for NTLM
authentication there.

If Squid logs convince you that Polygraph is at fault, please send your
Polygraph workload, Squid configuration file, and a few packets captured
on the client side to bugs at web-polygraph.org.

Good luck,

Alex.


> 2008/7/18 Alex Rousskov <rousskov at measurement-factory.com>:
>         On Fri, 2008-07-18 at 19:01 -0300, Marcos Dutra wrote:
>         
>         > I tested polygraph in squid with ntlmssp auth and don't
>         work. I just
>         > modify the file simple.pg with option :
>         > credentials = ["domain+user at mymachine:mypassword"];
>         >
>         > And i've tested with:
>         > credentials = ["domain\user at mymachine:mypassword"];
>         
>         
>         The first 407 response in your console output is normal. It is
>         an
>         invitation for the client to send credentials. However, I
>         think you need
>         to enable persistent connections for NTLM to work. By default,
>         Polygraph
>         Robots do not use persistent connections.
>         
>         To enable pconns, search for "NTLM and Negotiate
>         authentication require"
>         at the following page and follow the link:
>         http://www.web-polygraph.org/docs/userman/auth.html
>         
>         FWIW, we are adding code to warn users if they are running
>         NTLM tests
>         with persistent connections off as it is a common problem.
>         
>         HTH,
>         
>         Alex.
>         
>         
>         
>         > I run follow command....
>         > ./polyclt --config /usr/local/polygraph/workloads/simple.pg
>         --verb_lvl
>         > 10 --log /tmp/srv.log --proxy 127.0.0.1:3128more
>         >
>         > Bellow the output:
>         >
>         > 000.01| group-id: 121fc331.6c230466:00000002 pid: 1126
>         > 000.01| current time: 1216417151.749467 or Fri, 18 Jul 2008
>         21:39:11
>         > GMT
>         > 000.01| registered client-side session watches: 0
>         > 000.01| registered client-side data filters: 0
>         > 000.01| fyi: PGL configuration stored (426bytes)
>         > 000.01| fyi: no bench selected with use()
>         > 000.01| created 1 agents total
>         > 000.01| Robot R101 [1 / 121fc331.6c230466:00000006] at
>         127.0.0.1 via
>         > 127.0.0.1:3128
>         > 000.01| fyi: current state (1) stored
>         > 000.01| fyi: max local population size: 1 robots
>         > 000.01| fyi: reached max local population size: 1 robots
>         > 1216417151.799753# obj:
>         >
>         http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags:
>         > basic,GET, size: 0/-1 xact: 121fc331.6c230466:0000000a
>         > GET
>         http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001
>         > HTTP/1.1
>         > Accept: */*
>         > Host: 127.0.0.1:9090
>         > X-Xact: 121fc331.6c230466:00000002
>         121fc331.6c230466:0000000a
>         > X-Loc-World: 121fc331.6c230466:00000008 -1/0 0
>         > X-Rem-World: 121fc331.6c230466:00000008 -1/0 0
>         > X-Target: 127.0.0.1:9090
>         > X-Abort: 1412400744 2082554117
>         > X-Phase-Sync-Pos: 0
>         > Proxy-Connection: close
>         >
>         >
>         > 1216417151.800516# obj:
>         >
>         http://127.0.0.1:9090/w121fc331.6c230466:00000006/t01/_00000001 flags:
>         > basic,GET,chb, size: 0/1849 xact: 121fc331.6c230466:0000000a
>         > HTTP/1.0 407 Proxy Authentication Required
>         > Server: squid
>         > Date: Fri, 18 Jul 2008 21:39:11 GMT
>         > Content-Type: text/html
>         > Content-Length: 1477
>         > Expires: Fri, 18 Jul 2008 21:39:11 GMT
>         > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
>         > Proxy-Authenticate: NTLM
>         > X-Cache: MISS from proxy
>         > X-Cache-Lookup: NONE from proxy:3128
>         > Proxy-Connection: close
>         
>         
>         
> 
> 




More information about the Users mailing list