Squid proxy and Windows 2008 R2


(Vincenzo Turri) #1

Hello everyone, I have a problem :pensive:.
I set up the NethServer as a member of a domain (Windows 2008 R2) and as a file server. Everything works perfectly: I create shares and grant rights to groups / Windows users.

wbinfo -g and wbinfo -u return the groups and users list from AD.

Afterwards I installed the “authenticated” proxy service.
When I open a site from the browser, it asks for a user and password but does not accept any value.

In /var/log/squid/cache.log I have this error:

6/24/2015 0:08:08 KID1 | Accepting HTTP Socket connections at local = [::]: 3128 remote = [::] FD 12 flags = 9
6/24/2015 0:08:09 KID1 | storeLateRelease: released 0 objects
6/24/2015 1:13:32 KID1 | Starting new negotiateauthenticator helpers ...
6/24/2015 1:13:32 KID1 | helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes
6/24/2015 1:13:32 KID1 | ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
6/24/2015 1:17:18 KID1 | ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
6/24/2015 1:17:22 KID1 | ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'

I searched and searched but … no solution. Any ideas?

(Artem Fedai) #2

Yes! Enable the testing repo in the NethServer repo list and install updates, there is a new KERB update on the proxy!

(Vincenzo Turri) #3

Thanks for your answer!

I enabled the testing repo (in /etc/yum.repos.d/NethServer.repo) and I upgraded.
The squid version now is

squid -v
Squid Cache: Version 3.3.13

It is my first experience with yum (I always used apt).

I tried

yum --enablerepo=nethserver-testing update nethserver-firewall-base-base nethserver nethserver-squid
Loaded plugins: changelog, fastestmirror, nethserver_events soon
Setting up Update Process
Loading mirror speeds from cached HostFile

but the situation does not change.

(Stefano) #4

because you didn’t update/upgrade any package


yum --enablerepo=nethserver-testing list '*kerb*'

and see if there are any packages… if so

yum --enablerepo=nethserver-testing update packagename

(Artem Fedai) #5

yum update -y
nethserver-squid noarch 1.3.6-1.ns6
nethserver-squidguard noarch 1.3.1-1.ns6

(Stefano) #6

never use the -y flag with the testing repo enabled, it’s a bad habit

and, generally speaking, never use the -y flag with yum…

(Artem Fedai) #7

I trust the NethServer dev team :slight_smile:

(Vincenzo Turri) #8

Now it works perfectly.
(before the update)

I had two problems.
The first was related to the browser settings: the proxy must be specified by FQN; with the IP it does not work.
The second was related to the client with Windows 2003, which still does not work, while the Windows 8 PC works properly.
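The cache.log error in post #1 means the Negotiate helper was handed an NTLMSSP message instead of a Kerberos/SPNEGO token. As an added example (not code from this thread or from Squid), the sketch below classifies the token carried in a `Proxy-Authorization: Negotiate` header by its leading bytes; the sample tokens are constructed and the function name is an assumption of this example.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"                            # NTLM message signature
OID_SPNEGO = bytes.fromhex("06062b0601050502")      # DER OID 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2


def classify_negotiate(header_value):
    """Classify the token in a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid-base64"
    if raw.startswith(NTLMSSP):
        if len(raw) < 12:
            return "ntlm-truncated"
        # 32-bit little-endian message type follows the signature;
        # type 1 is the client's initial NEGOTIATE message.
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return "ntlm-type-%d" % msg_type
    if len(raw) >= 2 and raw[0] == 0x60:  # GSS-API initial context token
        # Skip the DER length: short form is 1 byte, long form 1 + n bytes.
        idx = 2 + ((raw[1] & 0x7F) if raw[1] & 0x80 else 0)
        if raw.startswith(OID_SPNEGO, idx):
            return "spnego"
        if raw.startswith(OID_KRB5, idx):
            return "kerberos"
    return "unknown"


def _header(raw):
    return "Negotiate " + base64.b64encode(raw).decode("ascii")


# Constructed sample tokens (not captured traffic).
SAMPLE_NTLM1 = _header(NTLMSSP + struct.pack("<II", 1, 0xE2088297) + b"\x00" * 16)
SAMPLE_SPNEGO = _header(b"\x60\x0a" + OID_SPNEGO + b"\xa0\x00")
SAMPLE_KRB5 = _header(b"\x60\x82\x01\x00" + OID_KRB5 + b"\x01\x00")

if __name__ == "__main__":
    for name, hdr in [("ntlm", SAMPLE_NTLM1), ("spnego", SAMPLE_SPNEGO),
                      ("krb5", SAMPLE_KRB5)]:
        print(name, "->", classify_negotiate(hdr))
```

A result of `ntlm-type-1` on a header captured from a failing client corresponds to the "received type 1 NTLM token" message in cache.log.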


(Artem Fedai) #9

@enzoturri it's cool, dance :slight_smile:

(Stefano) #10

with all the respect I owe to them, when I install anything on my servers, before doing it, I read WHAT will be installed (or updated or removed)…

dependencies are evil, remember

I saw “yum -y remove package” destroy a server… package was not an important package itself, its dependencies were…


(Artem Fedai) #11

there is no EPEL, only the NS repo, it could not be harmful, and if there is a bug, write a bug report and I'm sure it will be closed :slight_smile:

(Stefano) #12

my point of view is different…

first rule of a sysadm is “trust no one, neither yourself (memory, sight, knowledge)”


(Artem Fedai) #13

it is true for Linux systems in general, but when you set up OpenWRT or NS that contains only trusted repos, you should not worry!

(Alessio Fattorini) #14

BTW @zamboni’s point of view is justified

(Stefano) #15

you’re a young boy, only time will tell/teach :wink:

topic closed for me

(Artem Fedai) #16

not so young, but we helped the topic starter! @alefattorini Close the topic pls.

(Vincenzo Turri) #17

I work in a virtual machine specifically for this test … with many restore points.
We can close the topic.

I repeat the steps on a clean machine.
thanks @nas @zamboni

(Giacomo Sanchietti) #18

@alessio should we add a “Solved” tag to the topic title?

(Alessio Fattorini) #19

(Alessio Fattorini) #20

Tag added and topic closed. Next Discourse version will have that