[squid-users] You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name

Amos Jeffries squid3 at treenet.co.nz
Fri Dec 19 14:46:04 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/12/2014 1:08 p.m., Ahmed Allzaeem wrote:
> If you look @ the logs , it seems it  recognize a username when it
> allow , but when it deny it don’t recognize a username
> 

The 407 is sent because there is nobody authenticated. Nobody
authenticated means no username.


> Plz look @ logs below : N username here , but I put the username
> "b"
>> 1418996889.943      2 192.168.1.5 TCP_DENIED/407 4189 GET
>> http://google.com/ - NONE/- text/html

One of teh 407 is before you put any username in. The second one is
after you entered username, but before its fully authenticated.

> 
> 
> Down  here itc MISS , u will see the username "b" after the
> google.com
>> 1418996897.774   7830 192.168.1.5 TCP_MISS/302 1258 GET
>> http://google.com/ b DIRECT/74.125.232.228 text/html
> 
> Compare both of them U will see that user "b" ibcluded when its
> allowed
> 
> Im not sure why all of that slow in Kerberos ???!!!

You are not using Kerberos. You are using NTLM.

Kerberos is part of the "Negotiate" auth scheme.


Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUlDorAAoJELJo5wb/XPRjBjkIANDA0SQMtglLVBj/6reDISIj
goYqOQzq4Aw5hP60RcDuIazo//mHTHLLFRof95hmIFCRlo3kHt4aF9EFKQ03gih1
+jvbQ4V2MdZq3+oJiULGhME73DjpZOe9mxhz5FZFMGkOazOd+LIVhipXeoJbK7As
BkpCqHnY7N0l4QtvwO85Ea+9jdSC5dws7CIcrN6+J49h7g/J5b7jQRgOdhm+2MoE
jg936RA8dM3i/usW7E/CRfdvAS4N7BUXtRsbk88I/YgRJhXRRhpl2FUOa9dCoJXT
ol1jibwWjyc1Kjsmn/MZLIBiMrhrBnNOSjSZXldGslEvRN60HptPxetQ4WDgpBw=
=L19J
-----END PGP SIGNATURE-----


More information about the squid-users mailing list