jfernandez
(Juan Carlos Fernandez)
April 9, 2019, 12:51pm
1
NethServer Version: 7.6.1810
Module: squid-3.5.20-999 | nethserver-squid-1.7.4-1 | nethserver-squidguard-1.8.0-1
I have been having trouble with Apple iMac clients access to Internet through Squid when I configured proxy in Authenticated mode. This clients continuously ask for password over and over, you put the user and password and after a time the ask again for credentials.
Also on Windows and Mac, the user/password doesn’t work with MS Office. Word, Excel and any MS Office programs continuously ask for credentials, after hitting cancel five times it stopped for a while.
How can I fix this please?
mrmarkuz
(Markus Neuberger)
April 9, 2019, 5:58pm
2
Do you use the FQDN in clients proxy settings? IP may not work.
http://docs.nethserver.org/en/v7/web_proxy.html#authenticated-mode
Please check the log files in /var/log/squid/
1 Like
jfernandez
(Juan Carlos Fernandez)
April 11, 2019, 3:22pm
3
I’m using the IP, will try putting the FQDN, and give feedback.
What should I look ?
mrmarkuz
(Markus Neuberger)
April 11, 2019, 3:25pm
4
jfernandez:
What should I look ?
The logs show client access and hopefully some errors when a client asks for password over and over.
jfernandez
(Juan Carlos Fernandez)
April 11, 2019, 3:28pm
5
In /var/log/squid/access.log
right ?
mrmarkuz
(Markus Neuberger)
April 11, 2019, 3:31pm
6
And /var/log/squid/cache.log
.
jfernandez
(Juan Carlos Fernandez)
April 11, 2019, 4:39pm
7
On access.log:
1554999816.119 274 192.168.9.172 TCP_DENIED/407 4239 CONNECT meta.wikimedia.org:443 - HIER_NONE/- text/html
1554999816.119 277 192.168.9.172 TCP_DENIED/407 4239 CONNECT meta.wikimedia.org:443 - HIER_NONE/- text/html
1554999816.507 250 192.168.9.172 TCP_DENIED/407 4243 CONNECT login.wikimedia.org:443 - HIER_NONE/- text/html
1554999816.689 285 192.168.9.172 TCP_DENIED/407 4227 CONNECT ssl.gstatic.com:443 - HIER_NONE/- text/html
1554999822.026 274 192.168.9.172 TCP_DENIED/407 4235 CONNECT www.google.com.cu:443 - HIER_NONE/- text/html
1554999822.080 5960 192.168.9.172 TCP_TUNNEL/200 16527 CONNECT meta.wikimedia.org:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/208.80.154.224 -
1554999822.233 4008 192.168.9.172 TCP_DENIED/407 4227 CONNECT www.gstatic.com:443 - HIER_NONE/- text/html
1554999822.233 5866 192.168.9.172 TCP_DENIED/407 4227 CONNECT www.gstatic.com:443 - HIER_NONE/- text/html
1554999825.290 3054 192.168.9.172 TCP_TUNNEL/200 65664 CONNECT www.gstatic.com:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.15.195 -
1554999825.444 129 192.168.9.172 TCP_DENIED/407 4227 CONNECT apis.google.com:443 - HIER_NONE/- text/html
1554999826.130 1 192.168.9.172 TCP_DENIED/407 4347 POST http://ocsp.pki.goog/GTSGIAG3 - HIER_NONE/- text/html
1554999830.010 0 192.168.9.172 TCP_DENIED/407 4247 CONNECT adservice.google.com:443 - HIER_NONE/- text/html
1554999830.762 749 192.168.9.172 TCP_TUNNEL/200 4327 CONNECT adservice.google.com:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/216.58.192.34 -
1554999830.766 0 192.168.9.172 TCP_DENIED/407 4259 CONNECT adservice.google.com.cu:443 - HIER_NONE/- text/html
1554999831.387 618 192.168.9.172 TCP_TUNNEL/200 3632 CONNECT adservice.google.com.cu:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.1.98 -
1554999831.392 0 192.168.9.172 TCP_DENIED/407 4275 CONNECT googleads.g.doubleclick.net:443 - HIER_NONE/- text/html
1554999832.065 0 192.168.9.172 TCP_DENIED/407 4347 POST http://ocsp.pki.goog/GTSGIAG3 - HIER_NONE/- text/html
1554999834.217 2823 192.168.9.172 TCP_TUNNEL/200 3535 CONNECT googleads.g.doubleclick.net:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.0.162 -
1554999834.221 0 192.168.9.172 TCP_DENIED/407 4247 CONNECT adservice.google.com:443 - HIER_NONE/- text/html
1554999834.723 499 192.168.9.172 TCP_TUNNEL/200 911 CONNECT adservice.google.com:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/216.58.192.34 -
1554999834.732 0 192.168.9.172 TCP_DENIED/407 4259 CONNECT adservice.google.com.cu:443 - HIER_NONE/- text/html
1554999835.150 5140 192.168.9.172 TCP_DENIED/407 4223 CONNECT ogs.google.com:443 - HIER_NONE/- text/html
1554999835.212 478 192.168.9.172 TCP_TUNNEL/200 793 CONNECT adservice.google.com.cu:443 jfernandez@LOCAL.DUREROCARIBE.CU HIER_DIRECT/172.217.1.98 -
1554999835.217 0 192.168.9.172 TCP_DENIED/407 4275 CONNECT googleads.g.doubleclick.net:443 - HIER_NONE/- text/h
It’s denying the access for this PC, using Edge, Windows Updates, Windows Defender, etc.
However it allows access when using Mozilla Firefox.
This is the proxy configuration:
On Proxy PAC script I put:
http://proxy.local.durerocaribe.cu/wpad.dat
On Manual proxy configuration:
Address: http://proxy.local.durerocaribe.cu
| Port: 3128
Any ideas? Could it be a certificate issue ?
mrmarkuz
(Markus Neuberger)
April 11, 2019, 6:53pm
8
jfernandez:
Any ideas?
Does it work if you don’t use/activate the PAC script in the Windows proxy settings?
What about the Firefox configuration? Is it set to use system settings or specified proxy?
In case of getting proxy settings HTTP is used AFAIK.