Squid server sensitive to AD/DC machine changes

Dave Augustus davea at support.kcm.org
Tue Sep 7 16:41:10 GMT 2004


Hello All,

Any time a machine is added to, or taken out of, the Domain
Controllers (DC) or Active Directory (AD) servers, I have to manually edit
krb5.conf and duplicate the changes by hand in order for proxy
authentication to be seamless - no auth popup.

We are in a mixed AD/DC environment where we have a trust between the
two.

This morning a DC was taken down and the Squid server that uses NTLM via
DC broke and was prompting users to enter their credentials. I removed
the DC from the KRB5.conf file and everything worked fine.

This appears to be a consistent problem as it has happened in the past
with the AD servers as well. I assumed that having more than one server
in the krb5.conf would provide some redundancy. However, it appears to
do exactly the opposite, i.e. all servers have to be up for Squid to auth to
it.

Software List:
Redhat 9.0
krb5-1.3.1
samba-3.0.2a
squid-2.5.STABLE5

Thanks in advance,
Dave Augustus
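
One way to spot a downed or removed controller still listed in krb5.conf, as described in the message above: parse the `kdc` entries of each realm and report the ones that do not answer. This is an added example, not part of the original post; the realm and host names are constructed placeholders, and probing TCP on port 88 with hostname or IPv4 entries is an assumption.

```python
import re
import socket

# Constructed sample krb5.conf; realm and host names are placeholders.
SAMPLE = """[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com:88
  kdc = dc2.example.com
  admin_server = dc1.example.com
 }
 LEGACY.EXAMPLE.COM = {
  kdc = olddc.legacy.example.com
 }
"""

def parse_kdcs(text):
    """Return {realm: [(host, port), ...]} from the [realms] section."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or comment line
            continue
        if line.startswith("["):             # new top-level section
            section, realm = line.strip("[]").lower(), None
        elif section == "realms":
            m = re.match(r"^(\S+)\s*=\s*\{", line)
            if m:                            # "REALM = {" opens a realm block
                realm = m.group(1)
                realms[realm] = []
            elif line.startswith("}"):
                realm = None
            elif realm and re.match(r"^kdc\s*=", line):
                host, _, port = line.split("=", 1)[1].strip().partition(":")
                realms[realm].append((host, int(port or 88)))
    return realms

def tcp_probe(host, port, timeout=2.0):
    try:  # assumption: the KDC accepts TCP connections on this port
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:                          # DNS failure, refusal or timeout
        return False

def unreachable_kdcs(text, probe=tcp_probe):
    # (realm, host, port) for every configured KDC the probe cannot reach
    return [(realm, host, port) for realm, kdcs in parse_kdcs(text).items()
            for host, port in kdcs if not probe(host, port)]
```

To check a live system, pass the contents of its krb5.conf, for example `unreachable_kdcs(open("/etc/krb5.conf").read())`.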