Re: [squid-users] Squid with AD Authendication problem (windows 2003)- please help

Dear Amos, Thanks for your support, any other way to stop this error from my domain. becouse its keep on coming.   ----- Original Message ---- From: Amos Jeffries <squid3@treenet.co.nz> To: squid-users@squid-cache.org Sent: Wed, March 9, 2011 1:18:20 PM Subject: Re: [squid-users] Squid with AD Authendication problem (windows 2003)- please help On 09/03/11 18:02, Sharik M wrote: >  I have configured squid with AD authentication its working fine Great, so you have no problems. > but I am getting lots of error for authentication failed. > "working fine" equals "lots of error" Oh dear, you (any many others) need to seek psychiatric help. You have been overdosed with marketing language or political speak. /jokses > > squid-2.5.STABLE14-1.4E > samba-3.0.10-1.4E.11 > With todays technology trends towards HTTP/1.1 and dynamic content you need to look at upgrading Squid soonish. Given the versions I'll take a wild guess and say this page might be of some interest:   http://wiki.squid-cache.org/KnowledgeBase/RedHat > > Windows 2003 Domain Audit log failure. > > > Pre-authentication failed: >                  User Name:            proxy$ >                  User ID:                  DOMAIN\proxy$ >                  Service Name:        krbtgt/DOMAIN.HOME >                  Pre-Authentication Type:      0x0 >                  Failure Code:          0x19 >                  Client Address:      10.1.5.12 > > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > K, for starters... "Pre-Authentication" is a general term for what Kerberos or NTLM login *are*. The browser logs into the DC, then sends a ticket from that existing/"pre" login along with requests, so that the Squid helper can ask the DC for permission to let the ticket holder connect. Squid is merely the middleware and has nothing to do with the auth ticket itself. It is received from the browser and passed unchanged to the DC. Somebody on the network it using stale or invalid login tickets. The ones with machine account tickets sounds like they may possibly be the Squid box with a stale ticket. The ones for usernames are more likely stale tickets the users machines have. Good luck. Amos -- Please be using   Current Stable Squid 2.7.STABLE9 or 3.1.11   Beta testers wanted for 3.2.0.5
Received on Wed Mar 09 2011 - 10:29:25 MST