[squid-users] Strange NTLM problem.

Tue Jun 28 06:14:34 UTC 2016

Dear all,

i have a strange problem with my squid 3.5.19 and authentication NTLM.

On my configuration i have 2 auth method:

NTLM negotiated with ntlm_auth from samba 3

auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp

auth_param ntlm children 200 startup=100 idle=10 concurrency=0

auth_param ntlm keep_alive on

and as a fallback basic ntlm

auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic

auth_param basic children 25 startup=15 idle=5 concurrency=0

auth_param basic realm PROXY AUTHORIZATION REQUIRED

auth_param basic credentialsttl 30 minutes

TTL

authenticate_cache_garbage_interval 1 hours

authenticate_ttl 30 minutes

authenticate_ip_ttl 30 minutes

Groups identification with LDAPS

external_acl_type NAV children-max=200 children-startup=100 children-idle=10
ttl=1800 %LOGIN

/usr/local/squid/libexec/ext_ldap_group_acl -s sub -b "dc=domain,dc=xxx" -D
"cn=squid,cn=Users,dc

=domain,dc=xxx" -w "password" -f
"(&(objectclass=person)(sAMAccountName=%v)(membero

f=cn=%a,ou=INTERNET,ou=AAA,dc=domain,dc=xxx))" -S -K -H
ldaps://domain.xxx:3269

... and all work very well.

Sometimes and randomly, my users reported to me that squid cannot do ntlm
transparent authentication and request for user/password pair (falling back
to ntlm basic).

Entering right credential does not work and to proceed further  users
need to click on "abort" button many times.

On my cache.log i see:

Login for user [DOMAIN]\[userx]@[PC_XXX] failed due to [Access denied]

NTLMSSP BH: NT_STATUS_ACCESS_DENIED

2016/06/27 22:59:06 kid1| ERROR: NTLM Authentication validating user.
Result: {result=BH, notes={mes

sage: NT_STATUS_ACCESS_DENIED; }}

2016/06/27 23:00:02| Set Current Directory to /squid/log

2016/06/27 23:10:01| Set Current Directory to /squid/log

2016/06/27 23:20:01| Set Current Directory to /squid/log

2016/06/27 23:21:09 kid1| Logfile: opening log
stdio:/var/log/squid/netdb.state

2016/06/27 23:21:09 kid1| Logfile: closing log
stdio:/var/log/squid/netdb.state

every times a user receive credential request.

After aborting each requests squid do, users can surf the internet without
problems and i cannot replicate the issue.

Trying to close the browser, clear cache, and going to the same site does
not produce same error.

Stopping squid, remove cache, starting squid does not produce same error.

It's totally random and i'm going mad to understand why.

Can someone help me to debug and understand the problem?

Any help will be appreciated.

Many thanks.

Giulius.

 --
 ZE-Light e ZE-Pro: servizi zimbra per caselle con dominio email.it, per tutti i dettagli 
Clicca qui http://posta.email.it/caselle-di-posta-z-email-it/?utm_campaign=email_Zimbra_102014=main_footer/f

 Sponsor:
 Registra i domini che desideri ed inizia a creare il tuo sito web
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=13323&d=28-6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160628/17414eef/attachment.html>