Strange NTLM problem.

drcimino drcimino <drcimino@xxxxxxxx> · Tue, 28 Jun 2016 08:14:34 +0200

Dear all,

i have a strange problem with my squid 3.5.19 and authentication NTLM.
On my configuration i have 2 auth method:

NTLM negotiated with ntlm_auth from samba 3

auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 200 startup=100 idle=10 concurrency=0
auth_param ntlm keep_alive on

and as a fallback basic ntlm

auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 25 startup=15 idle=5 concurrency=0
auth_param basic realm PROXY AUTHORIZATION REQUIRED
auth_param basic credentialsttl 30 minutes

TTL

authenticate_cache_garbage_interval 1 hours
authenticate_ttl 30 minutes
authenticate_ip_ttl 30 minutes

Groups identification with LDAPS

external_acl_type NAV children-max=200 children-startup=100 children-idle=10 ttl=1800 %LOGIN
/usr/local/squid/libexec/ext_ldap_group_acl -s sub -b "dc=domain,dc=xxx" -D "cn=squid,cn=Users,dc
=domain,dc=xxx" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(membero
f=cn=%a,ou=INTERNET,ou=AAA,dc=domain,dc=xxx))" -S -K -H ldaps://domain.xxx:3269

... and all work very well.
Sometimes and randomly, my users reported to me that squid cannot do ntlm transparent authentication and request for user/password pair (falling back to ntlm basic).
Entering right credential does not work and to proceed further  users need to click on "abort" button many times.

On my cache.log i see:

Login for user [DOMAIN][userx]@[PC_XXX] failed due to [Access denied]
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2016/06/27 22:59:06 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={mes
sage: NT_STATUS_ACCESS_DENIED; }}
2016/06/27 23:00:02| Set Current Directory to /squid/log
2016/06/27 23:10:01| Set Current Directory to /squid/log
2016/06/27 23:20:01| Set Current Directory to /squid/log
2016/06/27 23:21:09 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2016/06/27 23:21:09 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state

every times a user receive credential request.
After aborting each requests squid do, users can surf the internet without problems and i cannot replicate the issue.
Trying to close the browser, clear cache, and going to the same site does not produce same error.
Stopping squid, remove cache, starting squid does not produce same error.
It's totally random and i'm going mad to understand why.
Can someone help me to debug and understand the problem?
Any help will be appreciated.

Many thanks.
Giulius.

----

 ZE-Light e ZE-Pro: servizi zimbra per caselle con dominio email.it, per tutti i dettagli  clicca qui

 Sponsor:

 Registra i domini che desideri ed inizia a creare il tuo sito web

 Clicca qui 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

Follow-Ups:

Re:  Strange NTLM problem.
From: Amos Jeffries
Re:  Strange NTLM problem.
From: Bruno de Paula Larini

Prev by Date:
Re:  Running squid on a machine with only one network interface.

Next by Date:
squid with HTTPS and some APPs not working

Previous by thread:
Running squid on a machine with only one network	interface.

Next by thread:
Re:  Strange NTLM problem.

Index(es):

Date
Thread

[Index of Archives]

[Linux Audio Users]

[Samba]

[Big List of Linux Books]

[Linux USB]

[Yosemite News]