I can't get authentication to work. A login window appears in the browser; I enter my username and password, but sites don't open.
What could be the cause? The domain runs on 2008 R2.
All groups are in the Groups folder, which is created by default in the domain root. Users are in company\users, where they are split across three folders; company itself is in the domain root.
Here is the authorization line:
Code:
external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=company,dc=loc" -D squid@company.loc -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Groups,DC=company,DC=loc))" -h dc-02.company.loc dc-01.company.loc
Code:
tail -f /var/log/squid3/cache.log
2014/11/12 16:33:55| helperOpenServers: No 'basic_ldap_auth' processes needed.
2014/11/12 16:33:55| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes
2014/11/12 16:33:55| HTCP Disabled.
2014/11/12 16:33:55| Pinger socket opened on FD 164
2014/11/12 16:33:55| Loaded Icons.
2014/11/12 16:33:55| Accepting HTTP Socket connections at local=10.10.3.13:3128 remote=[::] FD 160 flags=9
2014/11/12 16:33:55| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 161 flags=9
2014/11/12 16:33:55| pinger: Initialising ICMP pinger ...
2014/11/12 16:33:55| pinger: ICMP socket opened.
2014/11/12 16:33:55| pinger: ICMPv6 socket opened
2014/11/12 16:34:05| ERROR: Negotiate Authentication validating user. Error returned 'BH NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL'
2014/11/12 16:34:05| ERROR: Negotiate Authentication validating user. Error returned 'BH NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL'
2014/11/12 16:34:06| ERROR: Negotiate Authentication validating user. Error returned 'BH NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL'
Code:
/usr/lib/squid3/ext_ldap_group_acl -d -v 3 -P -R -K -b "dc=company,dc=loc" -D squid@company.loc -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Groups,DC=company,DC=loc))" -h dc-02.company.loc dc-01.company.loc
leontyeven Internet-Full-Auth
ext_ldap_group_acl.cc(587): pid=2381 :Connected OK
ext_ldap_group_acl.cc(726): pid=2381 :group filter '(&(objectclass=person)(sAMAccountName=leontyeven)(memberOf:1.2.840.113556.1.4.1941:=cn=Internet-Full-Auth,OU=Groups,DC=company,DC=loc))', searchbase 'dc=company,dc=loc'
ERR
leontyeven Internet-Full-Anon
ext_ldap_group_acl.cc(726): pid=2381 :group filter '(&(objectclass=person)(sAMAccountName=leontyeven)(memberOf:1.2.840.113556.1.4.1941:=cn=Internet-Full-Anon,OU=Groups,DC=company,DC=loc))', searchbase 'dc=company,dc=loc'
OK
maks Internet-Full-Anon
ext_ldap_group_acl.cc(726): pid=2381 :group filter '(&(objectclass=person)(sAMAccountName=maks)(memberOf:1.2.840.113556.1.4.1941:=cn=Internet-Full-Anon,OU=Groups,DC=company,DC=loc))', searchbase 'dc=company,dc=loc'
OK
Code:
squid3 -k parse
2014/11/13 11:01:47| Startup: Initializing Authentication Schemes ...
2014/11/13 11:01:47| Startup: Initialized Authentication Scheme 'basic'
2014/11/13 11:01:47| Startup: Initialized Authentication Scheme 'digest'
2014/11/13 11:01:47| Startup: Initialized Authentication Scheme 'negotiate'
2014/11/13 11:01:47| Startup: Initialized Authentication Scheme 'ntlm'
2014/11/13 11:01:47| Startup: Initialized Authentication.
2014/11/13 11:01:47| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2014/11/13 11:01:47| Processing: auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib/squid3/negotiate_kerberos_auth -r -s HTTP/PR-01.company.loc@company.LOC
2014/11/13 11:01:47| Processing: auth_param negotiate children 200 startup=50 idle=10
2014/11/13 11:01:47| Processing: auth_param negotiate keep_alive off
2014/11/13 11:01:47| Processing: auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
2014/11/13 11:01:47| Processing: auth_param ntlm children 100 startup=20 idle=5
2014/11/13 11:01:47| Processing: auth_param ntlm keep_alive off
2014/11/13 11:01:47| Processing: auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -P -R -b "dc=company,dc=loc" -D squid@company.loc -W /etc/squid3/conf_param_ldappass.txt -f sAMAccountName=%s -h dc-02.company.loc dc-01.company.loc
2014/11/13 11:01:47| Processing: auth_param basic children 20
2014/11/13 11:01:47| Processing: auth_param basic realm "PR-01 SQUID Proxy Server Basic authentication!"
2014/11/13 11:01:47| Processing: auth_param basic credentialsttl 2 hours
2014/11/13 11:01:47| Processing: external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=company,dc=loc" -D squid@company.loc -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Groups,DC=company,DC=loc))" -h dc-02.company.loc dc-01.company.loc
2014/11/13 11:01:47| Processing: acl auth proxy_auth REQUIRED
2014/11/13 11:01:47| Processing: acl BlockedAccess external memberof "/etc/squid3/conf_param_groups_blocked.txt"
2014/11/13 11:01:47| Processing: acl RestrictedAccess external memberof "/etc/squid3/conf_param_groups_restricted.txt"
2014/11/13 11:01:47| Processing: acl StandardAccess external memberof "/etc/squid3/conf_param_groups_standard.txt"
2014/11/13 11:01:47| Processing: acl FullAccess external memberof "/etc/squid3/conf_param_groups_full_auth.txt"
2014/11/13 11:01:47| Processing: acl AnonymousAccess external memberof "/etc/squid3/conf_param_groups_full_anon.txt"
2014/11/13 11:01:47| Processing: acl allowedsites dstdomain "/etc/squid3/conf_param_sites_allowed.txt"
2014/11/13 11:01:47| Processing: acl blockedsites dstdomain "/etc/squid3/conf_param_sites_blocked.txt"
2014/11/13 11:01:47| Processing: acl prioritysites dstdomain "/etc/squid3/conf_param_sites_priority.txt"
2014/11/13 11:01:47| Processing: acl LocalWUServers src "/etc/squid3/conf_param_computers_wsus.txt"
2014/11/13 11:01:47| Processing: acl GlobalWUSites dstdomain "/etc/squid3/conf_param_sites_wsus.txt"
2014/11/13 11:01:47| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2014/11/13 11:01:47| Processing: acl SSL_ports port 443
2014/11/13 11:01:47| Processing: acl Safe_ports port 80 # http
2014/11/13 11:01:47| Processing: acl Safe_ports port 21 # ftp
2014/11/13 11:01:47| Processing: acl Safe_ports port 443 # https
2014/11/13 11:01:47| Processing: acl Safe_ports port 70 # gopher
2014/11/13 11:01:47| Processing: acl Safe_ports port 210 # wais
2014/11/13 11:01:47| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2014/11/13 11:01:47| Processing: acl Safe_ports port 280 # http-mgmt
2014/11/13 11:01:47| Processing: acl Safe_ports port 488 # gss-http
2014/11/13 11:01:47| Processing: acl Safe_ports port 591 # filemaker
2014/11/13 11:01:47| Processing: acl Safe_ports port 777 # multiling http
2014/11/13 11:01:47| Processing: acl CONNECT method CONNECT
2014/11/13 11:01:47| Processing: http_access deny !Safe_ports
2014/11/13 11:01:47| Processing: http_access deny CONNECT !SSL_ports
2014/11/13 11:01:47| Processing: http_access allow localhost manager
2014/11/13 11:01:47| Processing: http_access allow localnet manager
2014/11/13 11:01:47| Processing: http_access deny manager
2014/11/13 11:01:47| Processing: http_access allow GlobalWUSites LocalWUServers
2014/11/13 11:01:47| Processing: http_access allow prioritysites localnet
2014/11/13 11:01:47| Processing: http_access deny !auth
2014/11/13 11:01:47| Processing: http_access deny BlockedAccess all
2014/11/13 11:01:47| Processing: http_access allow allowedsites localnet
2014/11/13 11:01:47| Processing: http_access deny RestrictedAccess all
2014/11/13 11:01:47| Processing: http_access allow AnonymousAccess auth localnet
2014/11/13 11:01:47| Processing: http_access allow FullAccess auth localnet
2014/11/13 11:01:47| Processing: http_access deny blockedsites
2014/11/13 11:01:47| Processing: http_access allow StandardAccess auth localnet
2014/11/13 11:01:47| Processing: http_access deny all
2014/11/13 11:01:47| Processing: http_port 10.10.3.13:3128
2014/11/13 11:01:47| Processing: http_port 127.0.0.1:3128
2014/11/13 11:01:47| Processing: hierarchy_stoplist cgi-bin ?
2014/11/13 11:01:47| Processing: forward_max_tries 25
2014/11/13 11:01:47| Processing: cache_mem 2048 MB
2014/11/13 11:01:47| Processing: maximum_object_size_in_memory 2048 KB
2014/11/13 11:01:47| Processing: memory_replacement_policy heap GDSF
2014/11/13 11:01:47| Processing: cache_replacement_policy heap LFUDA
2014/11/13 11:01:47| Processing: cache_dir ufs /mnt/squid-cache/ 7000 16 256
2014/11/13 11:01:47| Processing: maximum_object_size 32768 KB
2014/11/13 11:01:47| Processing: access_log daemon:/var/log/squid3/access.log squid !AnonymousAccess
2014/11/13 11:01:47| Processing: cache_log /var/log/squid3/cache.log
2014/11/13 11:01:47| Processing: coredump_dir /var/spool/squid3
2014/11/13 11:01:47| Processing: refresh_pattern ^ftp: 1440 20% 10080
2014/11/13 11:01:47| Processing: refresh_pattern ^gopher: 1440 0% 1440
2014/11/13 11:01:47| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2014/11/13 11:01:47| Processing: refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
2014/11/13 11:01:47| Processing: refresh_pattern . 0 20% 4320
2014/11/13 11:01:47| Processing: cache_mgr maks@company.loc
2014/11/13 11:01:47| Processing: httpd_suppress_version_string on
2014/11/13 11:01:47| Processing: visible_hostname ABK
2014/11/13 11:01:47| Processing: error_directory /usr/share/squid3/errors/ru
2014/11/13 11:01:47| Processing: error_default_language ru
2014/11/13 11:01:47| Processing: dns_v4_first on
2014/11/13 11:01:47| Processing: forwarded_for delete
2014/11/13 11:01:47| Processing: cachemgr_passwd StrOnG_PaZsZw0rD all