[squid-users] Squid NTLM Authentication broke

From: Geoff Varney <geoff.varney@dont-contact.us>
Date: Tue, 17 Jan 2006 09:24:39 -0800

Hi,
I arrived at work today to find that the NTLM authentication on one of my
Squid servers has failed. It was working just fine up until now. Looking
at the logs (messages) it appears that it stopped working sometime around
2:58 PM on Sunday, Jan. 15 (first error I see). Nothing was changed on the
Squid server or as far as I know on the Windows 2003 AD server.

The error is:

Jan 15 14:58:11 VR-Squid (ntlm_auth): [2006/01/15 14:58:11, 0]
utils/ntlm_auth.c:winbind_pw_check(427)
Jan 15 14:58:11 VR-Squid (ntlm_auth): Login for user
[DOMAIN]\[USER.NAME]@[COMPUTERNAME] failed due to [Access denied]
Jan 15 14:58:11 VR-Squid (ntlm_auth): [2006/01/15 14:58:11, 0]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(601)
Jan 15 14:58:11 VR-Squid (ntlm_auth): NTLMSSP BH: NT_STATUS_ACCESS_DENIED

I looked up this error on the Web and found some stuff about rejoining the
domain, etc. but that didn't help. I do see an error in the Win2K3 event
log suggesting a Kerberos issue. I think this was when rejoining the
domain, which appeared to be completely successful:

While processing a TGS request for the target server
host/vr-squid.ridge.k12.wa.us, the account VR-SQUID$@RIDGE.K12.WA.US did not
have a suitable key for generating a Kerberos ticket (the missing key has an
ID of 8). The requested etypes were 2. The accounts available etypes were
23 -133 -128 3 1.

Then there is this one, after I joined again after removing the Squid server
from the domain:

The session setup from computer 'VR-SQUID' failed because the security
database does not contain a trust account 'VR-SQUID$' referenced by the
specified computer.

I wonder if this is Squid or something on the Windows server? I have 4
authenticating Squid servers and this is the only one that has failed.

I am running Squid 2.5STABLE9
Samba 3.0.10

wbinfo -t, -u, -g all succeed.

Things are configured correctly on the Squid server side since it was all
working till a couple of days ago. Has anyone had this happen or have any
ideas how to resolve it?

Thanks,
Geoff
Received on Tue Jan 17 2006 - 10:26:04 MST
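
An added example, not part of the original post and not Squid or Samba code: a Python script that pairs each Samba debug header line from ntlm_auth with the message line that follows it, then reports when each NT status first appeared and which accounts failed, which is the "first error I see" search done by hand above. It assumes each syslog record sits on one line in the real file (the e-mail wrapped them); the function names and the later sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the four log lines from the post, unwrapped to one syslog
# record per line, plus a constructed later failure and an unrelated line.
SAMPLE = r"""
Jan 15 14:58:11 VR-Squid (ntlm_auth): [2006/01/15 14:58:11, 0] utils/ntlm_auth.c:winbind_pw_check(427)
Jan 15 14:58:11 VR-Squid (ntlm_auth): Login for user [DOMAIN]\[USER.NAME]@[COMPUTERNAME] failed due to [Access denied]
Jan 15 14:58:11 VR-Squid (ntlm_auth): [2006/01/15 14:58:11, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(601)
Jan 15 14:58:11 VR-Squid (ntlm_auth): NTLMSSP BH: NT_STATUS_ACCESS_DENIED
Jan 15 15:02:40 VR-Squid crond[311]: constructed unrelated line
Jan 15 15:02:40 VR-Squid (ntlm_auth): [2006/01/15 15:02:40, 0] utils/ntlm_auth.c:winbind_pw_check(427)
Jan 15 15:02:40 VR-Squid (ntlm_auth): Login for user [DOMAIN]\[OTHER.USER]@[PC2] failed due to [Access denied]
Jan 15 15:02:40 VR-Squid (ntlm_auth): [2006/01/15 15:02:40, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(601)
Jan 15 15:02:40 VR-Squid (ntlm_auth): NTLMSSP BH: NT_STATUS_ACCESS_DENIED
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \(ntlm_auth\): (.*)$")
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\] \S+:(\w+)\(\d+\)$")
LOGIN = re.compile(r"^Login for user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\] failed due to \[(.*?)\]$")
STATUS = re.compile(r"^NTLMSSP BH: (NT_STATUS_\w+)$")

def parse_events(text):
    """Pair each Samba debug header with the message line that follows it."""
    events, header = [], None
    for line in text.splitlines():
        rec = SYSLOG.match(line.strip())
        if not rec:
            continue                      # not an ntlm_auth record
        head = HEADER.match(rec[1])
        if head:
            header = head                 # remember timestamp and function
        elif header:
            # The bracketed Samba timestamp carries the year; syslog's does not.
            when = datetime.strptime(header[1], "%Y/%m/%d %H:%M:%S")
            events.append((when, header[2], rec[1]))
            header = None
    return events

def summarize(events):
    """First-seen time and count per NT status, plus failures per account."""
    first, counts, accounts = {}, Counter(), Counter()
    for when, _func, msg in events:
        if (s := STATUS.match(msg)):
            first[s[1]] = min(when, first.get(s[1], when))
            counts[s[1]] += 1
        elif (u := LOGIN.match(msg)):
            accounts[(u[1], u[2], u[3])] += 1   # (domain, user, workstation)
    return first, counts, accounts
```

Running `summarize(parse_events(open("/var/log/messages").read()))` on each of the four proxies shows whether the failures start at the same moment everywhere or only on one host; the log path is an assumption.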
