Re: Active Directory Authentication failing at the browser

<dolson@xxxxxxxxx> · Tue, 17 Nov 2015 21:17:20 +0000

Thank you Amos!  That helps me a great deal!

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries
Sent: Tuesday, November 17, 2015 3:15 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Active Directory Authentication failing at the browser

On 18/11/2015 9:36 a.m., dolson@xxxxxxxxx wrote:
> Thank you for your help Amos,
> 
> I think I am a little further, but I'm still having some issues.
> 
> I updated my proxy address from the IP to the FQDN and this removed the login page that I previously mentioned, but I still could not get to any external websites.  Internal sites work working correctly.  I have attached the screen shot of the message.
> 
> I have followed the new links that you provided and changed the permissions on the /var/lib/samba/winbindd_privileged file as directed, and tested winbind using the instructions and everything is working.
> 
> Per your suggestion, I upgraded Firefox to 4.2.  What was really interesting is, when I used the link from the About Firefox window, I was able to access the Mozilla website, and download the file with no errors on the webpage in the browser, but continue to get it if I now go to the site by entering the address in the address bar.
> 
> I have included below excerpts from the access.log and cache.log files from the last attempts to see if you or someone else can help me understand the information in the files so I can see where the problem may be.
> 
> Access.log:
> 
> 1447788372.600      7 10.1.3.56 TCP_DENIED/407 3826 GET http://srv-joomla/portal/ - HIER_NONE/- text/html
> 1447788372.812     63 10.1.3.56 TCP_MISS/500 6727 GET http://srv-joomla/portal/ dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788372.903      0 10.1.3.56 TCP_MISS/500 4085 GET http://www.squid-cache.org/Artwork/SN.png dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788373.059      0 10.1.3.56 TCP_MISS/500 4025 GET http://srv-joomla/favicon.ico dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788373.106      0 10.1.3.56 TCP_MISS/500 4025 GET http://srv-joomla/favicon.ico dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788377.958      0 10.1.3.56 TCP_DENIED/407 3903 POST http://ocsp.digicert.com/ - HIER_NONE/- text/html
> 1447788378.163     45 10.1.3.56 TCP_MISS/500 6792 POST http://ocsp.digicert.com/ dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788378.207      0 10.1.3.56 TCP_MISS/500 4110 POST http://clients1.google.com/ocsp dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788378.786      0 10.1.3.56 TCP_MISS/500 4004 GET http://www.google.com/ dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788378.832      0 10.1.3.56 TCP_MISS/500 4080 GET http://www.squid-cache.org/Artwork/SN.png dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788378.894      0 10.1.3.56 TCP_MISS/500 4037 GET http://www.google.com/favicon.ico dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788379.051      0 10.1.3.56 TCP_MISS/500 4037 GET http://www.google.com/favicon.ico dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788381.219      0 10.1.3.56 TCP_MISS/500 4092 POST http://ocsp.digicert.com/ dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788383.357      0 10.1.3.56 TCP_MISS/500 3995 GET http://www.cnn.com/ dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788383.516      0 10.1.3.56 TCP_MISS/500 4077 GET http://www.squid-cache.org/Artwork/SN.png dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788383.577      0 10.1.3.56 TCP_MISS/500 4028 GET http://www.cnn.com/favicon.ico dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788383.749     15 10.1.3.56 TCP_MISS/500 4028 GET http://www.cnn.com/favicon.ico dolson@xxxxxxxxx HIER_NONE/- text/html
> 1447788432.030      0 10.1.3.56 TCP_MISS/500 4092 POST http://ocsp.digicert.com/ dolson@xxxxxxxxx HIER_NONE/- text/html
> 

The above and the cache.log show the authentication apparently working fine. The problem is elsewhere.

The "some possible problems" section of the error message list the things you need to look at fixing.

The access.log lines with "TCP_MISS/500" and "HIER_NONE/-" indicate that Squid is not able to connect to any external server to fetch the objects it is being asked for. Something is broken at the TCP layer; firewall settings? DNS resolution? NAT from 10/8 to public Internet?

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users