аутентификация при выходе в интернет squid

[kurono]

Код: Выделить всё

Есть домен (test.local) под управление Windows server 2008 R2 (AD DNS )ip 192.168.0.10
Машина с FreeBSD 8.2 с 2-мя сетевыми интерфейсами em0 – внешний интерфейс
ip 192.168.244.253; em1 – внутренний ip – 192.168.0.1
ядро пересобрано со следующими опциями:

Код: Выделить всё

options         IPFIREWALL    #  Включение самого файрвола
options         IPFIREWALL_VERBOSE      #  Пакеты записываются в лог файл
options         IPFIREWALL_VERBOSE_LIMIT=100 #  ограничиваем количество записей в лог файле
options         IPFIREWALL_FORWARD     #  поддержка форвардинга
options         IPDIVERT   #  включение natd
options         DUMMYNET    #  включение ширины канала

мой rc.conf:

Код: Выделить всё

hostname="fw1.test.local"
defaultrouter="192.168.244.40"
ifconfig_em0="inet 192.168.244.253 netmask 255.255.255.0"
ifconfig_em1="inet 192.168.0.1  netmask 255.255.255.0"
keymap="ru.koi8-r.win"
font8x14="koi8-r-8x14"
font8x16="koi8-r-8x16"
font8x8="koi8-r-8x8"
keyrate="fast"
sshd_enable="YES"
# Firewall
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
firewall_quiet="NO"
gateway_enable="YES"
apache_enable="YES"
squid_enable="YES"
mysql_enable="YES"
sams_enable="YES"

Далее всё делаю по инструкции - http://www.lissyara.su/articles/freebsd ... ik-adldap/
Всё поставилось , подключился, создал базу в Mysql, импортировал пользователей из домена.

Конфиг firewall:

Код: Выделить всё

#!/bin/sh
ipfw="/sbin/ipfw -q"
local="192.168.0.1/24"
net="192.168.244.253/24"
oif="em1"             
iif="em0"             

${ipfw} flush -f
${ipfw} fwd 192.168.0.1 tcp from any to any http via em1
$[ipfw] add pass all from any to any
${ipfw} fwd 127.0.0.1,3128 tcp from any to any http via em1
${ipfw} add pass all from any to any

Делаю настройки прокси в ie на клиенте, далее при запросе к ресурсам интернет появляется запрос логин/пароль, ввожу данные импортированных из AD пользователей, но аутентификация не происходит и окошко с запросом логин пароля появляется повторно.
Подскажите плз в какую сторону копать?

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[skeletor]

Смотрите в логи squid'a

[kurono]

cache.log сквида выдает:

Код: Выделить всё

2011/08/02 04:31:02| Waiting 30 seconds for active connections to finish
2011/08/02 04:31:02| FD 27 Closing HTTP connection
2011/08/02 04:31:33| Shutting down...
2011/08/02 04:31:33| FD 28 Closing ICP connection
2011/08/02 04:31:33| Closing unlinkd pipe on FD 25
2011/08/02 04:31:33| storeDirWriteCleanLogs: Starting...
2011/08/02 04:31:34|   Finished.  Wrote 0 entries.
2011/08/02 04:31:34|   Took 0.0 seconds (   0.0 entries/sec).
CPU Usage: 4.134 seconds = 0.161 user + 3.973 sys
Maximum Resident Size: 5208 KB
Page faults with physical i/o: 4
2011/08/02 04:31:34| logfileClose: closing log /var/squid/logs/store.log
2011/08/02 04:31:34| logfileClose: closing log /var/squid/logs/access.log
2011/08/02 04:31:34| Squid Cache (Version 2.7.STABLE9): Exiting normally.
2011/08/03 00:33:34| Starting Squid Cache version 2.7.STABLE9 for i386-portbld-freebsd8.2...
2011/08/03 00:33:34| Process ID 1184
2011/08/03 00:33:34| With 11095 file descriptors available
2011/08/03 00:33:34| Using kqueue for the IO loop
2011/08/03 00:33:34| helperOpenServers: Starting 5 'dnsserver' processes
2011/08/03 00:33:34| helperOpenServers: Starting 5 'redirector' processes
2011/08/03 00:33:34| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2011/08/03 00:33:34| logfileOpen: opening log /var/squid/logs/access.log
2011/08/03 00:33:34| Unlinkd pipe opened on FD 25
2011/08/03 00:33:34| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2011/08/03 00:33:34| Target number of buckets: 425
2011/08/03 00:33:34| Using 8192 Store buckets
2011/08/03 00:33:34| Max Mem  size: 8192 KB
2011/08/03 00:33:34| Max Swap size: 102400 KB
2011/08/03 00:33:34| logfileOpen: opening log /var/squid/logs/store.log
2011/08/03 00:33:34| Rebuilding storage in /var/squid/cache (CLEAN)
2011/08/03 00:33:34| Using Least Load store dir selection
2011/08/03 00:33:34| Set Current Directory to /var/squid/cache
2011/08/03 00:33:34| Loaded Icons.
2011/08/03 00:33:35| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 27.
2011/08/03 00:33:35| Accepting ICP messages at 0.0.0.0, port 3130, FD 28.
2011/08/03 00:33:35| WCCP Disabled.
2011/08/03 00:33:35| Ready to serve requests.
2011/08/03 00:33:35| Done reading /var/squid/cache swaplog (0 entries)
2011/08/03 00:33:35| Finished rebuilding storage from disk.
2011/08/03 00:33:35|         0 Entries scanned
2011/08/03 00:33:35|         0 Invalid entries.
2011/08/03 00:33:35|         0 With invalid flags.
2011/08/03 00:33:35|         0 Objects loaded.
2011/08/03 00:33:35|         0 Objects expired.
2011/08/03 00:33:35|         0 Objects cancelled.
2011/08/03 00:33:35|         0 Duplicate URLs purged.
2011/08/03 00:33:35|         0 Swapfile clashes avoided.
2011/08/03 00:33:35|   Took 0.6 seconds (   0.0 objects/sec).
2011/08/03 00:33:35| Beginning Validation Procedure
2011/08/03 00:33:35|   Completed Validation Procedure
2011/08/03 00:33:35|   Validated 0 Entries
2011/08/03 00:33:35|   store_swap_size = 0k
2011/08/03 00:33:35| storeLateRelease: released 0 objects
2011/08/03 00:51:33| Preparing for shutdown after 0 requests
2011/08/03 00:51:33| Waiting 30 seconds for active connections to finish
2011/08/03 00:51:33| FD 27 Closing HTTP connection
2011/08/03 22:47:16| Starting Squid Cache version 2.7.STABLE9 for i386-portbld-freebsd8.2...
2011/08/03 22:47:16| Process ID 1281
2011/08/03 22:47:16| With 11095 file descriptors available
2011/08/03 22:47:16| Using kqueue for the IO loop
2011/08/03 22:47:16| helperOpenServers: Starting 5 'dnsserver' processes
2011/08/03 22:47:16| helperOpenServers: Starting 5 'redirector' processes
2011/08/03 22:47:16| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2011/08/03 22:47:17| logfileOpen: opening log /var/squid/logs/access.log
2011/08/03 22:47:17| Unlinkd pipe opened on FD 25
2011/08/03 22:47:17| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2011/08/03 22:47:17| Target number of buckets: 425
2011/08/03 22:47:17| Using 8192 Store buckets
2011/08/03 22:47:17| Max Mem  size: 8192 KB
2011/08/03 22:47:17| Max Swap size: 102400 KB
2011/08/03 22:47:17| logfileOpen: opening log /var/squid/logs/store.log
2011/08/03 22:47:17| Rebuilding storage in /var/squid/cache (DIRTY)
2011/08/03 22:47:17| Using Least Load store dir selection
2011/08/03 22:47:17| Set Current Directory to /var/squid/cache
2011/08/03 22:47:17| Loaded Icons.
2011/08/03 22:47:17| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 27.
2011/08/03 22:47:17| Accepting ICP messages at 0.0.0.0, port 3130, FD 28.
2011/08/03 22:47:17| WCCP Disabled.
2011/08/03 22:47:17| Ready to serve requests.
2011/08/03 22:47:17| Done reading /var/squid/cache swaplog (0 entries)
2011/08/03 22:47:17| Finished rebuilding storage from disk.
2011/08/03 22:47:17|         0 Entries scanned
2011/08/03 22:47:17|         0 Invalid entries.
2011/08/03 22:47:17|         0 With invalid flags.
2011/08/03 22:47:17|         0 Objects loaded.
2011/08/03 22:47:17|         0 Objects expired.
2011/08/03 22:47:17|         0 Objects cancelled.
2011/08/03 22:47:17|         0 Duplicate URLs purged.
2011/08/03 22:47:17|         0 Swapfile clashes avoided.
2011/08/03 22:47:17|   Took 0.8 seconds (   0.0 objects/sec).
2011/08/03 22:47:17| Beginning Validation Procedure
2011/08/03 22:47:17|   Completed Validation Procedure
2011/08/03 22:47:17|   Validated 0 Entries
2011/08/03 22:47:17|   store_swap_size = 0k
2011/08/03 22:47:18| storeLateRelease: released 0 objects
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

access.log :

Код: Выделить всё

1312218887.565      1 192.168.0.15 TCP_DENIED/407 1700 GET http://www.live.com/favicon.ico - NONE/- text/html
1312218887.568      0 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? - NONE/- text/html
1312218912.772     19 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? ldap@test.local NONE/- text/html
1312218917.329      8 192.168.0.15 TCP_DENIED/407 1712 GET http://go.microsoft.com/favicon.ico ldap@test.local NONE/- text/html
1312218917.342      8 192.168.0.15 TCP_DENIED/407 1712 GET http://go.microsoft.com/favicon.ico ldap@test.local NONE/- text/html
1312218922.289      0 192.168.0.15 TCP_DENIED/407 1667 CONNECT go.microsoft.com:443 - NONE/- text/html
1312397444.030      4 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? - NONE/- text/html
1312397444.398      0 192.168.0.15 TCP_DENIED/407 1700 GET http://www.live.com/favicon.ico - NONE/- text/html
1312397481.265    161 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? ldap@test.local NONE/- text/html
1312397497.810      8 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? ldap NONE/- text/html
1312397511.493      2 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? root NONE/- text/html
1312397512.408      0 192.168.0.15 TCP_DENIED/407 1712 GET http://go.microsoft.com/favicon.ico root NONE/- text/html
1312397512.418      0 192.168.0.15 TCP_DENIED/407 1712 GET http://go.microsoft.com/favicon.ico root NONE/- text/html
1312397513.794      0 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? root NONE/- text/html
1312397513.852      0 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? root NONE/- text/html
1312397520.942     21 192.168.0.15 TCP_DENIED/407 1703 GET http://go.microsoft.com/fwlink/? root NONE/- text/html