On 09/03/11 18:02, Sharik M wrote:
I have configured squid with AD authentication its working fine
Great, so you have no problems.
but I am getting lots of error for authentication failed.
"working fine" equals "lots of error"
Oh dear, you (any many others) need to seek psychiatric help. You have
been overdosed with marketing language or political speak.
/jokses
squid-2.5.STABLE14-1.4E
samba-3.0.10-1.4E.11
With todays technology trends towards HTTP/1.1 and dynamic content you
need to look at upgrading Squid soonish.
Given the versions I'll take a wild guess and say this page might be of
some interest:
http://wiki.squid-cache.org/KnowledgeBase/RedHat
Windows 2003 Domain Audit log failure.
Pre-authentication failed:
User Name: proxy$
User ID: DOMAIN\proxy$
Service Name: krbtgt/DOMAIN.HOME
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.1.5.12
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
K, for starters...
"Pre-Authentication" is a general term for what Kerberos or NTLM login
*are*.
The browser logs into the DC, then sends a ticket from that
existing/"pre" login along with requests, so that the Squid helper can
ask the DC for permission to let the ticket holder connect.
Squid is merely the middleware and has nothing to do with the auth
ticket itself. It is received from the browser and passed unchanged to
the DC.
Somebody on the network it using stale or invalid login tickets. The
ones with machine account tickets sounds like they may possibly be the
Squid box with a stale ticket. The ones for usernames are more likely
stale tickets the users machines have.
Good luck.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
