Folks, I am running 4 proxy servers with squid 3.1.19 (yes, I know it is old, will update soon) with kerberos authentication behind a F5 load balancer for a user community of about 2000 people using Windows/I.E.. Normally, this all works fine, people can surf the web and authentication happens in background as it should. The issue we are seeing is around once per month at random one of the kerberos authenticators seems to start spamming the life out of the windows AD servers. The event we ID we are seeing on the windows servers is 0xc000006a which translates to, basically, bad password. We seem to get this when a user (not always the same one) changes their password. Clearly, it does not happen every time, we have a password expiry policy in AD so every is forced to change their password regularly so we would be seeing the problem a lot more frequently if it happened every time a user changed their password. It seems to me that there is some sort of race condition going on where, perhaps, the authenticators are doing something while the password is being changed, the authenticators keep using the old details. When this happens the authenticator seems to spin making requests at a very rapid rate, my windows admins tell me there are milliseconds between requests and it fills their logs, also the users account gets locked out due to too many bad passwords. There is nothing in the logs indicating anything is wrong. Is this fixed in a later version? If not, any ideeas on how to troubleshoot? -- Brett Lymn "Warning: The information contained in this email and any attached files is confidential to BAE Systems Australia. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited. If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility. It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."
