Squid on two domains?

I

I_AM_SHEF2019-12-29 12:23:47

Squid

I_AM_SHEF, 2019-12-29 12:23:47

Good afternoon, colleagues!
Configured squid with integration via kerberos with AD.
Everything works, everything is great.
There are two domain controllers - primary and backup.
If the main DC1 is disabled, squid starts asking for a login password when starting the browser. (i.e. synchronization with DC does not work)
Where to look? What needs to be checked?
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

akelsey, 2019-12-29
@akelsey

Probably AD hardly and if all other services work. I suspect SQUID is configured for only one controller, usually a domain controller is registered in the "external_acl_type" section through the "-S" key.
If everything is fine there, then the second option - perhaps for the second DC PTR is not registered in the reverse zone.
And so on the weekend - turn on verbose logging, put out the first DC and debug ...

M

Maxim Korneev, 2020-12-30
@MaxLK

not often in our time you will meet AD on NT or B2K.
I would recommend thinking about updating hardware and software - it's time.
well, pass on respect to the author and warm regards to those who fired him and undertook to work instead of him. last to start learning. for example, the fact that it is not necessary to turn off the DC during operation.
By the way, why do you need Squid?

C

CityCat4, 2020-12-30
@CityCat4

Configured squid with integration via kerberos with AD

Well means either such integration, or such AD. Because in normal AD MS somewhere inside itself provides switching between DC.
Show the auth_param line that configures integration with AD