<div dir="ltr">Hi<div><br></div><div>I use:</div><div><br></div><div><div>## negotiate kerberos and ntlm authentication</div><div>auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME</div><div>auth_param negotiate children 100 startup=10 idle=1</div><div>auth_param negotiate keep_alive on</div><div><br></div><div>## Module d'authentification NTLM</div><div>auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp</div><div>auth_param ntlm children 100 startup=10 idle=1</div><div>auth_param ntlm keep_alive on</div><div><br></div><div>## Si echec du NTLM proposer la fenetre d'authentification</div><div>auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b dc=mydomain,dc=fr -f sAMAccountName=%s -D cn=Proxy,ou=vpn,dc=mydomain,dc=fr -w "mypass" -t 3 -H 172.16.1.21</div><div>auth_param basic children 40 startup=5 idle=1</div><div>auth_param basic realm Proxy</div><div>#auth_param basic credentialsttl 2 hours</div><div>auth_param basic credentialsttl 1 minute</div></div><div><br></div><div><br></div><div>But same problems if i put :</div><div><div><br></div><div>## negotiate kerberos and ntlm authentication</div><div>#auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME</div><div>#auth_param negotiate children 100 startup=10 idle=1</div><div>#auth_param negotiate keep_alive on</div></div><div><br></div><div><br></div><div><br></div><div>Yes i have the login/password of the users (on >5000 accounts, we have 10/20 accounts with this problems)</div><div><br></div><div><br></div><div>I have a second server but for Hight Availability</div><div><br></div><div><br></div><div>Sample of problems with one username</div><div> before 11:17am that's work's</div><div> at 11:17am username don't have access to internet and in logs we have the error.</div><div> at 07:30pm the username have now internet access ..</div><div><br></div><div><br></div><div>regards</div><div>Olivier</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-03-30 9:59 GMT+02:00 Kinkie <span dir="ltr"><<a href="mailto:gkinkie@gmail.com" target="_blank">gkinkie@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Are you using BASIC, ntlm or kerberos?<br>
Do you know that user's password in order to run some tests?<br>
Do you have some other proxy or box where you can run some tests?<br>
AD is a complex system, so the first thing to do is to understand I'd the problem is caused by ad, by the system, by something related to the user or to the author helper or to squid.</p>
<div class="gmail_quote"><div><div class="h5">On Mar 30, 2016 9:50 AM, "Olivier CALVANO" <<a href="mailto:o.calvano@gmail.com" target="_blank">o.calvano@gmail.com</a>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Anyone know this problems ?<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-03-29 18:22 GMT+02:00 Olivier CALVANO <span dir="ltr"><<a href="mailto:o.calvano@gmail.com" target="_blank">o.calvano@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi<div><br></div><div>we use on a new server Squid 3.3.8 on CentOS 7 with a Active Directory Authentification (tested in negotiate_wrapper but same</div><div>problems with ntlm_auth) .</div><div><br></div><div>That's work's very good a time but without reason, a limited user can't access to internet and i don't know why.</div><div><br></div><div>In the logs, we have:</div><div><br></div><div><div>1459266547.967 1200888 172.16.6.39 NONE_ABORTED/000 0 GET <a href="http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab" target="_blank">http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab</a>? olivier HIER_NONE/- -</div><div>1459266567.771 3538111 172.16.6.14 NONE_ABORTED/000 0 GET <a href="http://yahoo.fr/" target="_blank">http://yahoo.fr/</a> olivier HIER_NONE/- -</div></div><div>1459267856.877 30609 172.16.6.39 NONE_ABORTED/000 0 GET <a href="http://officecdn.microsoft.com/Office/Data/v32.cab" target="_blank">http://officecdn.microsoft.com/Office/Data/v32.cab</a> olivier HIER_NONE/- -<br></div><div><div>1459267917.860 60713 172.16.6.39 NONE_ABORTED/000 0 HEAD <a href="http://officecdn.microsoft.com/Office/Data/v32.cab" target="_blank">http://officecdn.microsoft.com/Office/Data/v32.cab</a> olivier HIER_NONE/- -</div><div><br></div></div><div><br></div><div>I don't know why but all logs have "NONE_ABORTED/000"</div><div>anyone know this errors ?<br></div><div><br></div><div><br></div><div>If, on the same PC, i change the username, that's work ! reconnect with the old username and the problems start</div><div><br></div><div>regards</div><span><font color="#888888"><div>Olivier</div></font></span></div>
</blockquote></div><br></div>
<br></div></div>_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br></blockquote></div>
</blockquote></div><br></div>