
Messages - kenga13

1
Proxy SSO doesn't work. I installed Zentyal as a domain controller for a home network with a few Win7 64-bit PCs. A user successfully logs in to a PC with a domain account; then, if he uses any installed browser (IE 11, Chrome), he gets an auth request window. So SSO doesn't work. In the auth request window his password won't work, and finally he gets the unauthorized proxy page. So traditional proxy auth won't work either when proxy SSO is turned on.

There are a lot of 407 errors in the squid access.log and a lot of similar errors in cache.log:

Code:
2014/11/26 04:32:26| ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
Full log from squid start:
Code:
2014/11/26 04:28:42| Starting Squid Cache version 3.3.8 for x86_64-pc-linux-gnu...
2014/11/26 04:28:42| Process ID 48569
2014/11/26 04:28:42| Process Roles: master worker
2014/11/26 04:28:42| With 65536 file descriptors available
2014/11/26 04:28:42| Initializing IP Cache...
2014/11/26 04:28:42| DNS Socket created at [::], FD 5
2014/11/26 04:28:42| DNS Socket created at 0.0.0.0, FD 6
2014/11/26 04:28:42| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/26 04:28:42| Adding domain hq.starcorp.local from /etc/resolv.conf
2014/11/26 04:28:42| helperOpenServers: Starting 0/20 'basic_ldap_auth' processes
2014/11/26 04:28:42| helperOpenServers: No 'basic_ldap_auth' processes needed.
2014/11/26 04:28:42| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes
2014/11/26 04:28:42| Logfile: opening log /var/log/squid3/access.log
2014/11/26 04:28:42| WARNING: log parameters now start with a module name. Use 'stdio:/var/log/squid3/access.log'
2014/11/26 04:28:42| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/11/26 04:28:42| Logfile: opening log /var/log/squid3/store.log
2014/11/26 04:28:42| WARNING: log parameters now start with a module name. Use 'stdio:/var/log/squid3/store.log'
2014/11/26 04:28:42| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/11/26 04:28:42| Target number of buckets: 1008
2014/11/26 04:28:42| Using 8192 Store buckets
2014/11/26 04:28:42| Max Mem  size: 262144 KB
2014/11/26 04:28:42| Max Swap size: 0 KB
2014/11/26 04:28:42| Using Least Load store dir selection
2014/11/26 04:28:42| Set Current Directory to /var/spool/squid3
2014/11/26 04:28:42| Loaded Icons.
2014/11/26 04:28:42| HTCP Disabled.
2014/11/26 04:28:42| commBind: Cannot bind socket FD 20 to [::1]: (99) Cannot assign requested address
2014/11/26 04:28:42| commBind: Cannot bind socket FD 21 to [::1]: (99) Cannot assign requested address
2014/11/26 04:28:42| ERROR: Failed to create helper child read FD: UDP[::1]
2014/11/26 04:28:42| Configuring Parent 127.0.0.1/3129/0
2014/11/26 04:28:42| Squid plugin modules loaded: 0
2014/11/26 04:28:42| Adaptation support is off.
2014/11/26 04:28:42| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 19 flags=9
2014/11/26 04:28:43| storeLateRelease: released 0 objects
2014/11/26 04:29:02| netdbExchangeHandleReply: corrupt data, aborting
2014/11/26 04:29:33| Starting new basicauthenticator helpers...
2014/11/26 04:29:33| helperOpenServers: Starting 1/20 'basic_ldap_auth' processes
2014/11/26 04:30:53| 127.0.0.1 digest requires version 17487; have: 5
2014/11/26 04:30:53| temporary disabling (invalid digest cblock) digest from 127.0.0.1
2014/11/26 04:31:43| TCP connection to 127.0.0.1/3129 failed
2014/11/26 04:31:43| Preparing for shutdown after 191 requests
2014/11/26 04:31:43| Waiting 30 seconds for active connections to finish
2014/11/26 04:31:43| Closing HTTP port 0.0.0.0:3128
2014/11/26 04:31:43| Shutdown: NTLM authentication.
2014/11/26 04:31:43| Shutdown: Negotiate authentication.
2014/11/26 04:31:43| Shutdown: Digest authentication.
2014/11/26 04:31:43| Shutdown: Basic authentication.
2014/11/26 04:31:48| Starting Squid Cache version 3.3.8 for x86_64-pc-linux-gnu...
2014/11/26 04:31:48| Process ID 50572
2014/11/26 04:31:48| Process Roles: master worker
2014/11/26 04:31:48| With 65536 file descriptors available
2014/11/26 04:31:48| Initializing IP Cache...
2014/11/26 04:31:48| DNS Socket created at [::], FD 5
2014/11/26 04:31:48| DNS Socket created at 0.0.0.0, FD 6
2014/11/26 04:31:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/26 04:31:48| Adding domain hq.starcorp.local from /etc/resolv.conf
2014/11/26 04:31:48| helperOpenServers: Starting 0/10 'negotiate_kerberos_auth' processes
2014/11/26 04:31:48| helperStatefulOpenServers: No 'negotiate_kerberos_auth' processes needed.
2014/11/26 04:31:48| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes
2014/11/26 04:31:48| Logfile: opening log /var/log/squid3/access.log
2014/11/26 04:31:48| WARNING: log parameters now start with a module name. Use 'stdio:/var/log/squid3/access.log'
2014/11/26 04:31:48| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/11/26 04:31:48| Logfile: opening log /var/log/squid3/store.log
2014/11/26 04:31:48| WARNING: log parameters now start with a module name. Use 'stdio:/var/log/squid3/store.log'
2014/11/26 04:31:48| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/11/26 04:31:48| Target number of buckets: 1008
2014/11/26 04:31:48| Using 8192 Store buckets
2014/11/26 04:31:48| Max Mem  size: 262144 KB
2014/11/26 04:31:48| Max Swap size: 0 KB
2014/11/26 04:31:48| Using Least Load store dir selection
2014/11/26 04:31:48| Set Current Directory to /var/spool/squid3
2014/11/26 04:31:48| Loaded Icons.
2014/11/26 04:31:48| HTCP Disabled.
2014/11/26 04:31:48| commBind: Cannot bind socket FD 20 to [::1]: (99) Cannot assign requested address
2014/11/26 04:31:48| commBind: Cannot bind socket FD 21 to [::1]: (99) Cannot assign requested address
2014/11/26 04:31:48| ERROR: Failed to create helper child read FD: UDP[::1]
2014/11/26 04:31:48| Configuring Parent 127.0.0.1/3129/0
2014/11/26 04:31:48| Squid plugin modules loaded: 0
2014/11/26 04:31:48| Adaptation support is off.
2014/11/26 04:31:48| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 19 flags=9
2014/11/26 04:31:49| storeLateRelease: released 0 objects
2014/11/26 04:31:55| WARNING: Unsupported or unconfigured/inactive proxy-auth scheme, 'Basic a25nOk1vcmV6YWtpbmQxMw=='
2014/11/26 04:31:55| Starting new negotiateauthenticator helpers...
2014/11/26 04:31:55| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes
2014/11/26 04:31:55| ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
2014/11/26 04:32:08| netdbExchangeHandleReply: corrupt data, aborting
2014/11/26 04:32:26| ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
2014/11/26 04:32:27| ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
2014/11/26 04:33:00| ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'
2014/11/26 05:11:48| Logfile: opening log stdio:/var/log/squid3/netdb.state
2014/11/26 05:11:48| Logfile: closing log stdio:/var/log/squid3/netdb.state
2014/11/26 05:11:48| NETDB state saved; 0 entries, 1 msec
2014/11/26 05:58:52| Logfile: opening log stdio:/var/log/squid3/netdb.state
2014/11/26 05:58:52| Logfile: closing log stdio:/var/log/squid3/netdb.state
2014/11/26 05:58:52| NETDB state saved; 0 entries, 0 msec


If I turn off SSO for the proxy module, the user gets an auth window, enters his domain login and password, and successfully gets access.

How could this be fixed?
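
The cache.log error in the post above names the kind of token the `negotiate_kerberos_auth` helper received. As an added example (not part of the original post and not Squid's code), this Python sketch classifies the base64 token of a `Proxy-Authorization: Negotiate` header as one would when reading it out of a packet capture. The function names and sample tokens are constructed for illustration, and the OID search is a heuristic, not a full ASN.1 parse.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10


def classify_proxy_auth(header_value):
    """Classify a Proxy-Authorization header value (hypothetical helper)."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate:" + scheme.lower()
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    # Bare NTLMSSP message sent under Negotiate: 8-byte signature, then a
    # little-endian 32-bit message type (1 = negotiate, 3 = authenticate).
    if token.startswith(NTLMSSP_SIG) and len(token) >= 12:
        return "raw-ntlm-type%d" % int.from_bytes(token[8:12], "little")
    # GSS-API initial token: ASN.1 application tag 0x60, then mechanism OIDs.
    if token[:1] == b"\x60":
        # Checked first: a SPNEGO token may offer Kerberos and NTLM together.
        if OID_KRB5 in token or OID_MS_KRB5 in token:
            return "kerberos"
        if OID_NTLMSSP in token or NTLMSSP_SIG in token:
            return "spnego-ntlm"
    return "unknown"


def as_header(token):
    """Wrap raw token bytes as a Negotiate header value."""
    return "Negotiate " + base64.b64encode(token).decode("ascii")


# Constructed samples: structurally plausible prefixes, not real credentials.
SAMPLE_NTLM_TYPE1 = NTLMSSP_SIG + (1).to_bytes(4, "little") + bytes(8)
SAMPLE_KRB5 = b"\x60\x82\x01\x00" + OID_SPNEGO + b"\xa0\x30" + OID_KRB5

if __name__ == "__main__":
    for name, tok in (("ntlm", SAMPLE_NTLM_TYPE1), ("krb5", SAMPLE_KRB5)):
        print(name, "->", classify_proxy_auth(as_header(tok)))
```

A header classified as `raw-ntlm-type1` corresponds to the 'BH received type 1 NTLM token' lines in the log: the client sent an NTLM negotiate message under the Negotiate scheme, which a Kerberos-only helper cannot validate.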

2
Russian / SSO does not work in the proxy module of Zentyal 4.0
« on: November 26, 2014, 02:19:24 pm »
SSO does not work in the proxy module. A domain workstation logs in to the domain successfully (the domain is hosted on the same Zentyal). After that, any of the available browsers (IE, Chrome) asks for a password, does not accept it, and gives no internet access. As the packet captures show, Kerberos tickets are obtained and are visible in klist, and authentication with the proxy takes place inside the TCP session with the proxy (there is no additional exchange). So this is failing somewhere inside the server. With SSO disabled, the browser asks for a password, accepts it, and access works.

Has anyone had SSO working?


