Squid Proxy with AD Authentication

Hi Guys,

Having a slight issue with installing the proxy server with AD integration. It seems to work 80% of the time, but then randomly it will reject the credentials, and the following error occurs in the cache file.

“ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}”

I’m running Windows 2008 Server and the clients are all Windows and running IE 11.

Any advice would be helpful.

Many thanks,
Matt Pickford

Did you set multiple upstream DNS servers?

Could you paste the output of

config show dns
config show sssd

Thanks for your input, the output is as follows…

Should I only have a single DNS IP which is the DC then?

[root@AMANOSRV03 ~]# config show dns
dns=configuration
NameServers=127.0.0.1,41.223.119.155

[root@AMANOSRV03 ~]# config show sssd
sssd=service
AdDns=192.168.2.201
BaseDN=DC=amanocs,DC=local
BindDN=
BindPassword=
GroupDN=DC=amanocs,DC=local
LdapURI=ldap://amanosrv01.amanocs.local
Provider=ad
Realm=AMANOCS.LOCAL
StartTls=
UserDN=DC=amanocs,DC=local
Workgroup=AMANOCS
status=enabled
[root@AMANOSRV03 ~]#

IMO the 127.0.0.1 entry must be removed!

Please go to Server Manager > DNS page and remove it.

Only 41.223.119.155 needs to be set.

@Mattpickford did you solve it by following Davide’s advice?

Well, kind of: the error still appears periodically, but most clients seem to be able to connect. The new issue I’m facing is the WPAD file updating to an IP address rather than a host name. Is there any way around this, or does anyone have a solution for forcing domain computers to use the proxy? GP has removed the proxy settings, I believe.