Issue with web proxy with authentication

NethServer Version: 7.9.2009
Module: Web Proxy & Filter

Hello, I’ve got a problem with Web Proxy & Filter configuration. I’ve tried to look for similar topics but nothing solves my issue :frowning:

Because of server hardware failure I was forced to reinstall everything, so that I decided to install newest version of Nethserver. Previously I was using some older, probably 7.7.

There I had configured AD Server, DNS, DHCP and Web Proxy on single server. I wanted to do it same way now.
AD, DNS, DHCP are working correctly so next step was to enable proxy with whitelisting of some domains only.

Unfortunately I cannot configure web proxy.
Proxy is enabled, in “authenticated” mode for Green and Trusted networks, also tried with Blue, but I don’t have Blue network configured.
Browsers (Edge, Chrome) are continously asking for credentials (I am logged in as AD user to Windows PC) and these browsers cannot authenticate in squid.
In /var/log/squid/cache.log I can see:
2021/03/28 18:20:09| negotiate_kerberos_auth: INFO: User not authenticated
2021/03/28 18:20:09 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. No key table entry found matching HTTP/router.xxx.local@; }}

When using Firefox I can authenticate (but I have to do it once, credentials are not taken from AD/Kerberos).
I was trying everything on client PC:

  • Manual setting DNS
  • Manual setting of proxy configuration (with FQDN as proxy address)
  • Manual setting of /var/www/html/wpad.dat file on the Nethserver
  • Restarting Nethserver
  • Restarting Windows client
  • Testing on Windows 10/7
  • Creation of new AD users, doublechecking passwords…
  • I’ve also tried different dns names used by nethserver: router.ad.xxx.local, router.xxx.local, wpad.ad.xxx.local, ad.xxx.local

Maybe someone had similar issue with Web Proxy? Please help :slight_smile:

Hi @Maciej_Bursztynowski
Welcome to the community.
Could you please try to edit your host file like here:
http://blog.pre-system.de/2017/04/04/kerberos-authentication-error-in-cache-log-on-squid-server/

Also you should have a look here:

2 Likes

Hello @m.traeumner

Thanks for the hint, but as I can see it is by default in this Nethserver:
192.168.1.1 router.xxx.local router wpad.xxx.local proxy.xxx.local router.ad.xxx.local

so it wouldn’t help here :frowning:

Does the wpad.dat contain the IP instead of the FQDN? This one may be of help:

1 Like

I am sorry for long no-reply, but corona virus got me.
wpad.dat file was created with IP, then I switched to FQDN. It didn’t help too :frowning:

I hope you’re well again…

Did you try to authenticate with username@ad.domain ?

2 Likes