Hi
I use:
## negotiate kerberos and ntlm authentication
auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 100 startup=10 idle=1
auth_param negotiate keep_alive on
## NTLM authentication module
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100 startup=10 idle=1
auth_param ntlm keep_alive on
## If NTLM fails, offer the authentication prompt
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b dc=mydomain,dc=fr -f sAMAccountName=%s -D cn=Proxy,ou=vpn,dc=mydomain,dc=fr -w "mypass" -t 3 -H 172.16.1.21
auth_param basic children 40 startup=5 idle=1
auth_param basic realm Proxy
#auth_param basic credentialsttl 2 hours
auth_param basic credentialsttl 1 minute
But same problems if I put:
## negotiate kerberos and ntlm authentication
#auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
#auth_param negotiate children 100 startup=10 idle=1
#auth_param negotiate keep_alive on
Yes, I have the login/password of the users (out of >5000 accounts, we have 10/20 accounts with this problem).
I have a second server, but for High Availability.
Sample of the problem with one username:
before 11:17am it works
at 11:17am the username doesn't have access to the internet and in the logs we have the error.
at 07:30pm the username now has internet access ..
regards
Olivier
2016-03-30 9:59 GMT+02:00 Kinkie <gkinkie@xxxxxxxxx>:
Are you using BASIC, ntlm or kerberos?
Do you know that user's password in order to run some tests?
Do you have some other proxy or box where you can run some tests?
AD is a complex system, so the first thing to do is to understand if the problem is caused by AD, by the system, by something related to the user or to the auth helper or to squid.

On Mar 30, 2016 9:50 AM, "Olivier CALVANO" <o.calvano@xxxxxxxxx> wrote:
Does anyone know this problem?

2016-03-29 18:22 GMT+02:00 Olivier CALVANO <o.calvano@xxxxxxxxx>:
Hi
We use, on a new server, Squid 3.3.8 on CentOS 7 with Active Directory authentication (tested with negotiate_wrapper, but same problems with ntlm_auth).
It works very well for a time, but without reason, a limited user can't access the internet and I don't know why.
In the logs, we have:
1459266547.967 1200888 172.16.6.39 NONE_ABORTED/000 0 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab? olivier HIER_NONE/- -
1459266567.771 3538111 172.16.6.14 NONE_ABORTED/000 0 GET http://yahoo.fr/ olivier HIER_NONE/- -
1459267856.877 30609 172.16.6.39 NONE_ABORTED/000 0 GET http://officecdn.microsoft.com/Office/Data/v32.cab olivier HIER_NONE/- -
1459267917.860 60713 172.16.6.39 NONE_ABORTED/000 0 HEAD http://officecdn.microsoft.com/Office/Data/v32.cab olivier HIER_NONE/- -
I don't know why, but all logs have "NONE_ABORTED/000".
Does anyone know this error?
If, on the same PC, I change the username, it works! Reconnect with the old username and the problems start.
regards
Olivier
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users