Dear Amos,
Thanks for your support, any other way to stop this error from my domain.
becouse its keep on coming.
----- Original Message ----
From: Amos Jeffries <squid3@treenet.co.nz>
To: squid-users@squid-cache.org
Sent: Wed, March 9, 2011 1:18:20 PM
Subject: Re: [squid-users] Squid with AD Authendication problem (windows 2003)-
please help
On 09/03/11 18:02, Sharik M wrote:
> I have configured squid with AD authentication its working fine
Great, so you have no problems.
> but I am getting lots of error for authentication failed.
>
"working fine" equals "lots of error"
Oh dear, you (any many others) need to seek psychiatric help. You have been
overdosed with marketing language or political speak.
/jokses
>
> squid-2.5.STABLE14-1.4E
> samba-3.0.10-1.4E.11
>
With todays technology trends towards HTTP/1.1 and dynamic content you need to
look at upgrading Squid soonish.
Given the versions I'll take a wild guess and say this page might be of some
interest:
http://wiki.squid-cache.org/KnowledgeBase/RedHat
>
> Windows 2003 Domain Audit log failure.
>
>
> Pre-authentication failed:
> User Name: proxy$
> User ID: DOMAIN\proxy$
> Service Name: krbtgt/DOMAIN.HOME
> Pre-Authentication Type: 0x0
> Failure Code: 0x19
> Client Address: 10.1.5.12
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
K, for starters...
"Pre-Authentication" is a general term for what Kerberos or NTLM login *are*.
The browser logs into the DC, then sends a ticket from that existing/"pre" login
along with requests, so that the Squid helper can ask the DC for permission to
let the ticket holder connect.
Squid is merely the middleware and has nothing to do with the auth ticket
itself. It is received from the browser and passed unchanged to the DC.
Somebody on the network it using stale or invalid login tickets. The ones with
machine account tickets sounds like they may possibly be the Squid box with a
stale ticket. The ones for usernames are more likely stale tickets the users
machines have.
Good luck.
Amos
-- Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
Received on Wed Mar 09 2011 - 10:29:25 MST
This archive was generated by hypermail 2.2.0 : Wed Mar 09 2011 - 12:00:01 MST