[squid-users] Strange NTLM problem.
drcimino drcimino
drcimino at email.it
Tue Jun 28 06:14:34 UTC 2016
Dear all,
I have a strange problem with my squid 3.5.19 and NTLM authentication.
In my configuration I have 2 auth methods:
NTLM negotiated with ntlm_auth from samba 3
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 200 startup=100 idle=10 concurrency=0
auth_param ntlm keep_alive on
and as a fallback basic ntlm
auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 25 startup=15 idle=5 concurrency=0
auth_param basic realm PROXY AUTHORIZATION REQUIRED
auth_param basic credentialsttl 30 minutes
TTL
authenticate_cache_garbage_interval 1 hours
authenticate_ttl 30 minutes
authenticate_ip_ttl 30 minutes
Groups identification with LDAPS
external_acl_type NAV children-max=200 children-startup=100 children-idle=10 ttl=1800 %LOGIN /usr/local/squid/libexec/ext_ldap_group_acl -s sub -b "dc=domain,dc=xxx" -D "cn=squid,cn=Users,dc=domain,dc=xxx" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=INTERNET,ou=AAA,dc=domain,dc=xxx))" -S -K -H ldaps://domain.xxx:3269
... and everything works very well.
Sometimes, at random, my users report to me that squid cannot do NTLM
transparent authentication and asks for a user/password pair (falling back
to ntlm basic).
Entering the right credentials does not work, and to proceed further users
need to click the "abort" button many times.
In my cache.log I see:
Login for user [DOMAIN]\[userx]@[PC_XXX] failed due to [Access denied]
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2016/06/27 22:59:06 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_ACCESS_DENIED; }}
2016/06/27 23:00:02| Set Current Directory to /squid/log
2016/06/27 23:10:01| Set Current Directory to /squid/log
2016/06/27 23:20:01| Set Current Directory to /squid/log
2016/06/27 23:21:09 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2016/06/27 23:21:09 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
every time a user receives a credential request.
After aborting each request squid makes, users can surf the internet without
problems and I cannot replicate the issue.
Closing the browser, clearing the cache, and going to the same site does
not produce the same error.
Stopping squid, removing the cache, and starting squid does not produce the same error.
It's totally random and I'm going mad trying to understand why.
Can someone help me debug and understand the problem?
Any help will be appreciated.
Many thanks.
Giulius.
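
Added example, not part of the original message and not Squid or Samba code: a small Python script that pairs each ntlm_auth "Login for user" line in cache.log with the Squid ERROR line that follows it, then counts the failures per user/workstation and per hour so that a pattern behind the "random" prompts becomes visible. The sample log is constructed in the shape of the excerpt above, and the pairing assumes the helper line is written just before the matching Squid line, as it is in that excerpt.

```python
import re
from collections import Counter

# Constructed sample, shaped like the cache.log excerpt in the message.
SAMPLE_LOG = r"""Login for user [DOMAIN]\[userx]@[PC_XXX] failed due to [Access denied]
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2016/06/27 22:59:06 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_ACCESS_DENIED; }}
2016/06/27 23:00:02| Set Current Directory to /squid/log
Login for user [DOMAIN]\[usery]@[PC_YYY] failed due to [Access denied]
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2016/06/27 23:41:10 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_ACCESS_DENIED; }}
Login for user [DOMAIN]\[userx]@[PC_XXX] failed due to [Access denied]
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2016/06/28 09:15:44 kid1| ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_ACCESS_DENIED; }}
"""

# ntlm_auth stderr line (no timestamp): [domain]\[user]@[workstation]
HELPER_RE = re.compile(r"^Login for user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\]"
                       r"@\[(?P<host>[^\]]*)\] failed due to \[(?P<reason>[^\]]*)\]")
# Squid line carrying the timestamp, the helper result code and the NT status
SQUID_RE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?: kid\d+)?\| "
                      r"ERROR: NTLM Authentication validating user\. "
                      r"Result: \{result=(?P<result>\w+), notes=\{message: (?P<status>\w+);")

def parse_failures(lines):
    """Attach the most recent helper line to the next Squid ERROR line."""
    events, pending = [], None
    for line in lines:
        m = HELPER_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = SQUID_RE.match(line)
        if m:
            # No helper line seen first: keep the event, mark the client unknown.
            who = pending or dict.fromkeys(("domain", "user", "host", "reason"), "?")
            events.append({**who, **m.groupdict()})
            pending = None
    return events

def summarize(events):
    """Count failures per (user, workstation) and per hour (YYYY/MM/DD HH)."""
    by_client = Counter((e["user"], e["host"]) for e in events)
    by_hour = Counter(e["ts"][:13] for e in events)
    return by_client, by_hour

if __name__ == "__main__":
    clients, hours = summarize(parse_failures(SAMPLE_LOG.splitlines()))
    print(clients.most_common(), sorted(hours.items()))
```

To run it on a real log, pass the lines of cache.log to parse_failures instead of SAMPLE_LOG; with many helpers running, the helper and Squid lines can interleave, so treat the pairing as approximate.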