Proxy issues with iMac and Office

jfernandez · 2019-04-09 12:51:06 UTC

NethServer Version: 7.6.1810
Module: squid-3.5.20-999 | nethserver-squid-1.7.4-1 | nethserver-squidguard-1.8.0-1

I have been having trouble with Apple iMac clients access to Internet through Squid when I configured proxy in Authenticated mode. This clients continuously ask for password over and over, you put the user and password and after a time the ask again for credentials.

Also on Windows and Mac, the user/password doesn’t work with MS Office. Word, Excel and any MS Office programs continuously ask for credentials, after hitting cancel five times it stopped for a while.

How can I fix this please?

mrmarkuz · 2019-04-09 17:58:32 UTC

Do you use the FQDN in clients proxy settings? IP may not work.

http://docs.nethserver.org/en/v7/web_proxy.html#authenticated-mode

Please check the log files in /var/log/squid/

jfernandez · 2019-04-11 15:22:19 UTC

I’m using the IP, will try putting the FQDN, and give feedback.

What should I look ?

mrmarkuz · 2019-04-11 15:25:53 UTC

The logs show client access and hopefully some errors when a client asks for password over and over.

jfernandez · 2019-04-11 15:28:35 UTC

In /var/log/squid/access.log right ?

mrmarkuz · 2019-04-11 15:31:56 UTC

And /var/log/squid/cache.log.

jfernandez · 2019-04-11 16:39:29 UTC

On access.log:

1554999816.119    274 192.168.9.172 TCP_DENIED/407 4239 CONNECT meta.wikimedia.org:443 - HIER_NONE/- text/html
1554999816.119    277 192.168.9.172 TCP_DENIED/407 4239 CONNECT meta.wikimedia.org:443 - HIER_NONE/- text/html
1554999816.507    250 192.168.9.172 TCP_DENIED/407 4243 CONNECT login.wikimedia.org:443 - HIER_NONE/- text/html
1554999816.689    285 192.168.9.172 TCP_DENIED/407 4227 CONNECT ssl.gstatic.com:443 - HIER_NONE/- text/html
1554999822.026    274 192.168.9.172 TCP_DENIED/407 4235 CONNECT www.google.com.cu:443 - HIER_NONE/- text/html
1554999822.080   5960 192.168.9.172 TCP_TUNNEL/200 16527 CONNECT meta.wikimedia.org:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/208.80.154.224 -
1554999822.233   4008 192.168.9.172 TCP_DENIED/407 4227 CONNECT www.gstatic.com:443 - HIER_NONE/- text/html
1554999822.233   5866 192.168.9.172 TCP_DENIED/407 4227 CONNECT www.gstatic.com:443 - HIER_NONE/- text/html
1554999825.290   3054 192.168.9.172 TCP_TUNNEL/200 65664 CONNECT www.gstatic.com:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.15.195 -
1554999825.444    129 192.168.9.172 TCP_DENIED/407 4227 CONNECT apis.google.com:443 - HIER_NONE/- text/html
1554999826.130      1 192.168.9.172 TCP_DENIED/407 4347 POST http://ocsp.pki.goog/GTSGIAG3 - HIER_NONE/- text/html
1554999830.010      0 192.168.9.172 TCP_DENIED/407 4247 CONNECT adservice.google.com:443 - HIER_NONE/- text/html
1554999830.762    749 192.168.9.172 TCP_TUNNEL/200 4327 CONNECT adservice.google.com:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/216.58.192.34 -
1554999830.766      0 192.168.9.172 TCP_DENIED/407 4259 CONNECT adservice.google.com.cu:443 - HIER_NONE/- text/html
1554999831.387    618 192.168.9.172 TCP_TUNNEL/200 3632 CONNECT adservice.google.com.cu:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.1.98 -
1554999831.392      0 192.168.9.172 TCP_DENIED/407 4275 CONNECT googleads.g.doubleclick.net:443 - HIER_NONE/- text/html
1554999832.065      0 192.168.9.172 TCP_DENIED/407 4347 POST http://ocsp.pki.goog/GTSGIAG3 - HIER_NONE/- text/html
1554999834.217   2823 192.168.9.172 TCP_TUNNEL/200 3535 CONNECT googleads.g.doubleclick.net:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.0.162 -
1554999834.221      0 192.168.9.172 TCP_DENIED/407 4247 CONNECT adservice.google.com:443 - HIER_NONE/- text/html
1554999834.723    499 192.168.9.172 TCP_TUNNEL/200 911 CONNECT adservice.google.com:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/216.58.192.34 -
1554999834.732      0 192.168.9.172 TCP_DENIED/407 4259 CONNECT adservice.google.com.cu:443 - HIER_NONE/- text/html
1554999835.150   5140 192.168.9.172 TCP_DENIED/407 4223 CONNECT ogs.google.com:443 - HIER_NONE/- text/html
1554999835.212    478 192.168.9.172 TCP_TUNNEL/200 793 CONNECT adservice.google.com.cu:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.1.98 -
1554999835.217      0 192.168.9.172 TCP_DENIED/407 4275 CONNECT googleads.g.doubleclick.net:443 - HIER_NONE/- text/h

It’s denying the access for this PC, using Edge, Windows Updates, Windows Defender, etc.
However it allows access when using Mozilla Firefox.

This is the proxy configuration:

On Proxy PAC script I put:
http://proxy.local.durerocaribe.cu/wpad.dat

On Manual proxy configuration:
Address: http://proxy.local.durerocaribe.cu | Port: 3128

Any ideas? Could it be a certificate issue ?

mrmarkuz · 2019-04-11 18:53:11 UTC

Does it work if you don’t use/activate the PAC script in the Windows proxy settings?

What about the Firefox configuration? Is it set to use system settings or specified proxy?

In case of getting proxy settings HTTP is used AFAIK.