Hi, I use:

## negotiate kerberos and ntlm authentication
auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 100 startup=10 idle=1
auth_param negotiate keep_alive on

## NTLM authentication module
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100 startup=10 idle=1
auth_param ntlm keep_alive on

## If NTLM fails, offer the authentication prompt
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b dc=mydomain,dc=fr -f sAMAccountName=%s -D cn=Proxy,ou=vpn,dc=mydomain,dc=fr -w "mypass" -t 3 -H 172.16.1.21
auth_param basic children 40 startup=5 idle=1
auth_param basic realm Proxy
#auth_param basic credentialsttl 2 hours
auth_param basic credentialsttl 1 minute

But I have the same problems if I put:

## negotiate kerberos and ntlm authentication
#auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
#auth_param negotiate children 100 startup=10 idle=1
#auth_param negotiate keep_alive on

Yes, I have the login/password of the users (out of >5000 accounts, we have 10/20 accounts with this problem).

I have a second server, but for High Availability.

Sample of the problem with one username:

before 11:17am, it works
at 11:17am, the username doesn't have access to the internet and in the logs we have the error.
at 07:30pm, the username now has internet access.

regards
Olivier

2016-03-30 9:59 GMT+02:00 Kinkie <gkin...@gmail.com>:

> Are you using BASIC, ntlm or kerberos?
> Do you know that user's password in order to run some tests?
> Do you have some other proxy or box where you can run some tests?
> AD is a complex system, so the first thing to do is to understand if the
> problem is caused by AD, by the system, by something related to the user or
> to the auth helper or to squid.
> On Mar 30, 2016 9:50 AM, "Olivier CALVANO" <o.calv...@gmail.com> wrote:
>
>> Does anyone know this problem?
>>
>>
>> 2016-03-29 18:22 GMT+02:00 Olivier CALVANO <o.calv...@gmail.com>:
>>
>>> Hi
>>>
>>> we use on a new server Squid 3.3.8 on CentOS 7 with an Active Directory
>>> authentication (tested in negotiate_wrapper, but same
>>> problems with ntlm_auth).
>>>
>>> That works very well for a time, but without reason, a limited user can't
>>> access the internet and I don't know why.
>>>
>>> In the logs, we have:
>>>
>>> 1459266547.967 1200888 172.16.6.39 NONE_ABORTED/000 0 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab? olivier HIER_NONE/- -
>>> 1459266567.771 3538111 172.16.6.14 NONE_ABORTED/000 0 GET http://yahoo.fr/ olivier HIER_NONE/- -
>>> 1459267856.877 30609 172.16.6.39 NONE_ABORTED/000 0 GET http://officecdn.microsoft.com/Office/Data/v32.cab olivier HIER_NONE/- -
>>> 1459267917.860 60713 172.16.6.39 NONE_ABORTED/000 0 HEAD http://officecdn.microsoft.com/Office/Data/v32.cab olivier HIER_NONE/- -
>>>
>>>
>>> I don't know why, but all logs have "NONE_ABORTED/000".
>>> Does anyone know this error?
>>>
>>>
>>> If, on the same PC, I change the username, it works! Reconnect with
>>> the old username and the problems start.
>>>
>>> regards
>>> Olivier
>>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
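An added example, not part of the original thread or of Squid: one way to check from access.log whether the NONE_ABORTED/000 entries follow the account or the workstation, which is the distinction the thread is trying to draw. It assumes the field order of the log lines quoted above; the sample data, user names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the access.log layout quoted in the thread; the user
# names, URLs and the 192.0.2.10 peer are made up for illustration.
SAMPLE_LOG = """\
1459266547.967 1200888 172.16.6.39 NONE_ABORTED/000 0 GET http://example.com/a.cab user1 HIER_NONE/- -
1459266567.771 3538111 172.16.6.14 NONE_ABORTED/000 0 GET http://example.org/ user1 HIER_NONE/- -
1459266570.120 85 172.16.6.14 TCP_MISS/200 5120 GET http://example.org/ user2 HIER_DIRECT/192.0.2.10 text/html
1459267856.877 30609 172.16.6.39 NONE_ABORTED/000 0 GET http://example.com/b.cab user1 HIER_NONE/- -
1459267900.001 40 172.16.6.39 TCP_MISS/200 900 GET http://example.net/ user2 HIER_DIRECT/192.0.2.10 text/html
truncated line
"""
ABORTED = "NONE_ABORTED/000"  # result code reported in the thread

def parse_line(line):
    """Return the fields of interest, or None for a malformed line."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        return {"ts": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
                "result": f[3], "user": f[7]}
    except ValueError:
        return None

def summarize(lines):
    """Per-user totals, plus the clients that saw aborts and successes."""
    stats = defaultdict(lambda: {"total": 0, "aborted": 0, "max_elapsed_ms": 0,
                                 "abort_clients": set(), "ok_clients": set()})
    for rec in filter(None, map(parse_line, lines)):
        if rec["user"] == "-":  # unauthenticated request, nothing to attribute
            continue
        s = stats[rec["user"]]
        s["total"] += 1
        if rec["result"] == ABORTED:
            s["aborted"] += 1
            s["abort_clients"].add(rec["client"])
            s["max_elapsed_ms"] = max(s["max_elapsed_ms"], rec["elapsed_ms"])
        else:
            s["ok_clients"].add(rec["client"])
    return dict(stats)

def account_bound(stats, min_aborted=2, min_ratio=0.5):
    """Users who mostly abort -> clients on which other users succeed."""
    out = {}
    for user, s in stats.items():
        if s["aborted"] < min_aborted or s["aborted"] / s["total"] < min_ratio:
            continue
        others_ok = set().union(*(o["ok_clients"] for u, o in stats.items() if u != user))
        out[user] = sorted(s["abort_clients"] & others_ok)
    return out

if __name__ == "__main__":
    print(account_bound(summarize(SAMPLE_LOG.splitlines())))
```

A user listed with a non-empty client list aborts on machines where other accounts get through, which points away from the workstation and toward the account, its directory entry or the auth helper.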