Squid server sensitive to AD/DC machine changes

Dave Augustus davea at support.kcm.org
Tue Sep 7 16:41:10 GMT 2004

Hello All,

Any time a machine is added to, or taken out of, the Domain
Controllers(DC) or Active Directory(AD) servers, I have to manually edit
krb5.conf and duplicate the changes by hand in order for proxy
authentication to be seemless- no auth popup.

We are in a mixed AD/DC enviroment where we have a trust between the

This morning a DC was taken down and the Squid server that uses NTLM via
DC broke and was prompting users to enter their credentials. I removed
the DC from the KRB5.conf file and everything worked fine.

This appears to be a consistent problem as it has happened in the past
with the AD servers as well. I assumed that having more than one server
in the krb5.conf would provide some redundancy. However, it appears to
do exacly opposite, i.e. all servers have to be up for Squid to auth to

Software List:
Redhat 9.0

Thanks in advance,
Dave Augustus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040907/ca6376e3/attachment.bin

More information about the samba-technical mailing list