Search squid archive

Password pop up window with NTLM squid proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I again fall into the problem which I faced earlier. Sudden pop up
authentication
window. It was completely ok and was running without any hitch for
last 4/5 months.
But last day after a restart of the machine made this happen. I now
can't find out what is the problem
Last time I did a lot of change and modification and something was
there that did worked.
But this restart made things bad.

Now I am gettings this error:

[root@proxy ~]# tail -1000 /usr/local/squid/var/logs/cache.log |grep failed
  Login for user [DOMAINNAME]\[ad-username]@[PC-4321] failed due to
[Reading winbind reply failed!]
  Login for user [DOMAINNAME]\[ad-username]@[PC-1352] failed due to
[Reading winbind reply failed!]
  Login for user [DOMAINNAME]\[ad-username]@[PC-1352] failed due to
[Reading winbind reply failed!]


I am using RHEL4 update 2; 64 bit.
Squid:
Squid Cache: Version 3.0.STABLE9
configure options:  '--enable-auth=ntlm,basic' '--with-winbind-auth-challenge'

DG was also configured 2.9.9.8.

Samba and winbind are default with OS which is
samba-common-3.0.10-1.4E.2
samba-common-3.0.10-1.4E.2
samba-client-3.0.10-1.4E.2
samba-3.0.10-1.4E.2


samba.conf
----------
[global]
workgroup = DOMAINNAME
netbios name = proxy
realm = DOMAINNAME.COM
server string = Linux Samba Server
security = ads
encrypt passwords = Yes
password server = 10.10.xx.xx
log file = /usr/local/samba/var/%m.log
max log size = 50
log level = 3
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000

krb5.conf
---------
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAINNAME.COM
 ticket_lifetiime = 600

[realms]
 DOMAINNAME.COM = {
  kdc = 10.10.xx.xx
  kdc = 10.10.xx.xx
  kdc = abc.domainname.com
  kdc = def.domainname.com
  admin_server = abc.domainname.com
  default_domain = DOMAINNAME.COM
 }

[domain_realm]
 .domainname.com = DOMAINNAME.COM
 domainname.com = DOMAINNAME.COM

[kdc]
 profile = /var/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


nsswitch.conf
-------------
passwd:     compat winbind
group:      compat winbind
shadow:     compat

hosts:      files dns wins
networks:   files dns
protocols:  db files
services:   db files
ethers:     db files
rpc:        db files

wbinfo -u and wbinfo -g works. ntlm_auth --username=ad-username also
works. wbinfo -t also works but takes around 2 minutes to give the
ourput
"checking the trust secret via RPC calls succeeded".

klist also shows the ticket.

Please help with any idea what could be gone wrong. This pop up window
of authentication is a pain. If you click ESC then it gives a page
with cache Access Denied.
But again if you click on Refresh then it works.

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux