Добрый день, прошу помощи у людей с опытом :) Уже как неделю пробую запустить SQUID с авторизацией через kerberos но получается со скрипом, перечитал кучу манов побывал разные конфигурации и постоянно появляются разные ошибки:) На данный момент достигнуто то что команды wbinfo -t kinit -k Выполняются без ошибок авторизация на dc проходит, билет получаю. Компьютер в домене. nano /etc/krb5.conf
[libdefaults] default_realm = MSK.HOME.RU dns_lookup_kdc = no dns_lookup_realm = no ticket_lifetime = 24h # default_keytab_name = /etc/squid3/proxy.keytab # default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 # default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 # permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
# for Windows 2008 with AES default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
# The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true
[realms] MSK.HOME.RU = { kdc = MSK-dc1.MSK.HOME.RU admin_server = MSK-dc1.MSK.HOME.RU default_domain = MSK.HOME.RU }
[domain_realm] .MSK.HOME.RU = MSK.HOME.RU MSK.HOME.RU = MSK.HOME.RU
[login] krb4_convert = true krb4_get_tickets = false
################################################################## nano /etc/krb5.conf
#
#======================= Global Settings =======================
[global] usershare allow guests = yes unix password sync = yes panic action = /usr/share/samba/panic-action %d dns proxy = no syslog = 0 os level = 20 passwd program = /usr/bin/passwd %u passdb backend = tdbsam winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind uid = 10000-20000 winbind gid = 10000-20000 log file = /var/log/samba/log.%m netbios name = Conductor passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . max log size = 1000 map to guest = bad user server role = standalone server workgroup = MSK realm = MSK.HOME.RU obey pam restrictions = yes pam password change = yes security = ADS encrypt passwords = true dns proxy = no socket options = TCP_NODELAY domain master = no local master = no preferred master = no os level = 0 domain logons = no load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes
/var/lib/samba -s /bin/false %u
#======================= Share Definitions =======================
[homes] directory mask = 0700 create mask = 0700 browseable = no valid users = %S path = /home/ comment = Home Directories public = yes
# By default, the home directories are exported read-only. Change the # next parameter to 'no' if you want to be able to write to them.
# File creation mask is set to 0700 for security reasons. If you want to # create files with group=rw permissions, set next parameter to 0775.
# Directory creation mask is set to 0700 for security reasons. If you want to # create dirs. with group=rw permissions, set next parameter to 0775.
# By default, \\server\username shares can be connected to by anyone # with access to the samba server. # The following parameter makes sure that only «username» can connect # to \\server\username # This might need tweaking when using external authentication schemes
# Un-comment the following and create the netlogon directory for Domain Logons # (you need to configure Samba to act as a domain controller too.) ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; read only = yes
# Un-comment the following and create the profiles directory to store # users profiles (see the «logon path» option above) # (you need to configure Samba to act as a domain controller too.) # The path below should be writable by all users so that their # profile directory may be created the first time they log on ;[profiles] ; comment = Users profiles ; path = /home/samba/profiles ; guest ok = no ; browseable = no ; create mask = 0600 ; directory mask = 0700
[printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700
# Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no # Uncomment to allow remote administration of Windows print drivers. # You may need to replace 'lpadmin' with the name of the group your # admin users are members of. # Please note that you also need to set appropriate Unix permissions # to the drivers directory for these users to have write rights in it ; write list = root, @lpadmin
[temp] user = administrator,root write list = administrator,root path = /home/ valid users = administrator,root
#################################################################### ktpass
ktpass -princ HTTP/SQUID.HOME.RU@HOME.RU -mapuser KOM\s-KOM-SquidKerb -pass PasSw0rd -crypto All -ptype KRB5_NT_PRINCIPAL -out C:\Temp\PROXY.keytab
#####################################################################
nano /etc/squid3/squid3.conf
# SQUID 3.4.8 Configuration # ----------------------------------------------------------------------------- # # OPTIONS FOR AUTHENTICATION # ----------------------------------------------------------------------------- # # Negotiate Kerberos and NTLM authentication auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib/squid3/negotiate_kerberos_auth -r -s HTTP/SQUID.HOME.RU@MSK.HOME.RU auth_param negotiate children 200 startup=50 idle=10 auth_param negotiate keep_alive off
# Only NTLM authentication auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 100 startup=20 idle=5 auth_param ntlm keep_alive off
# Basic authentication via ldap for clients not authenticated via kerberos/ntlm auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -P -R -b «dc=MSK,dc=HOME,dc=ru» -D squid3@MSK.HOME.RU -W /etc/squid3/conf_param_ldappass.txt -f sAMAccountName=%s -h MSK-dc1.MSK.HOME.RU auth_param basic children 20 auth_param basic realm «MSK-DC1.MSK.HOME.RU SQUID Proxy Server Basic authentication!» auth_param basic credentialsttl 2 hours
# ACCESS CONTROLS # ----------------------------------------------------------------------------- # # LDAP authorization external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b «dc=MSK,dc=home,dc=ru» -D squid3@MSK.HOME.RU -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Security Groups,OU=MSK,DC=msk,DC=home,DC=ru))" -h MSK-dc1.MSK.HOME.RU # acl auth proxy_auth REQUIRED acl BlockedAccess external memberof «/etc/squid3/conf_param_groups_blocked.txt» acl RestrictedAccess external memberof «/etc/squid3/conf_param_groups_restricted.txt» acl StandardAccess external memberof «/etc/squid3/conf_param_groups_standard.txt» acl FullAccess external memberof «/etc/squid3/conf_param_groups_full_auth.txt» acl AnonymousAccess external memberof «/etc/squid3/conf_param_groups_full_anon.txt»
acl allowedsites dstdomain «/etc/squid3/conf_param_sites_allowed.txt» acl blockedsites dstdomain «/etc/squid3/conf_param_sites_blocked.txt» acl prioritysites dstdomain «/etc/squid3/conf_param_sites_priority.txt» # acl LocalWUServers src «/etc/squid3/conf_param_computers_wsus.txt» acl GlobalWUSites dstdomain «/etc/squid3/conf_param_sites_wsus.txt» # # # Squid default ACLs # ACLs all, manager, localhost, and to_localhost are predefined. # acl manager proto cache_object # acl localhost src 127.0.0.1/32 ::1 # acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 172.17.0.0/24 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network #acl localnet src fc00::/7 # RFC 4193 local private network range #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # # Deny requests to certain unsafe ports http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports
# Аllow cachemgr access from localhost and localnet http_access allow localhost manager http_access allow localnet manager http_access deny manager
# Allow direct access to Windows Update http_access allow GlobalWUSites LocalWUServers
# Allow unrestricted access to prioritysites http_access allow prioritysites localnet
# Enforce authentication, order of rules is important for authorization levels http_access deny !auth
# Prevent access to basic auth prompt for BlockedAccess users http_access deny BlockedAccess all http_access allow allowedsites localnet http_access deny RestrictedAccess all http_access allow AnonymousAccess auth localnet http_access allow FullAccess auth localnet http_access deny blockedsites http_access allow StandardAccess auth localnet
# And finally deny all other access to this proxy http_access deny all # # NETWORK OPTIONS # ----------------------------------------------------------------------------- # http_port 172.17.16.94:3128 # # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM # ----------------------------------------------------------------------------- # hierarchy_stoplist cgi-bin ? forward_max_tries 25 #
# LOGFILE OPTIONS # ----------------------------------------------------------------------------- # # don't log AnonymousAccess access_log daemon:/var/log/squid3/access.log squid !AnonymousAccess
# OPTIONS FOR TROUBLESHOOTING # ----------------------------------------------------------------------------- # cache_log /var/log/squid3/cache.log coredump_dir /var/spool/squid3
# OPTIONS FOR TUNING THE CACHE # ----------------------------------------------------------------------------- # refresh_pattern ^ftp: &n... 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320
# ADMINISTRATIVE PARAMETERS # ----------------------------------------------------------------------------- # cache_mgr it@MSK.RU httpd_suppress_version_string on visible_hostname SQUID MSK.RU
# ERROR PAGE OPTIONS # ----------------------------------------------------------------------------- # error_directory /usr/share/squid3/errors/ru error_default_language ru
# DNS OPTIONS # ----------------------------------------------------------------------------- # dns_v4_first on
# MISCELLANEOUS # ----------------------------------------------------------------------------- # forwarded_for delete cachemgr_passwd StrOnG_ all # #
##################################################################### nano /var/log/squid3/cache.log
2016/12/06 14:45:36 kid1| Closing Pinger socket on FD 163 2016/12/06 14:45:36| pinger: Initialising ICMP pinger ... 2016/12/06 14:45:36| pinger: ICMP socket opened. 2016/12/06 14:45:36| pinger: ICMPv6 socket opened 2016/12/06 14:45:36| Pinger exiting. 2016/12/06 14:45:39 kid1| Set Current Directory to /var/spool/squid3 2016/12/06 14:45:39 kid1| Starting Squid Cache version 3.4.8 for i586-pc-linux-gnu... 2016/12/06 14:45:39 kid1| Process ID 1457 2016/12/06 14:45:39 kid1| Process Roles: worker 2016/12/06 14:45:39 kid1| With 65535 file descriptors available 2016/12/06 14:45:39 kid1| Initializing IP Cache... 2016/12/06 14:45:39 kid1| DNS Socket created at [::], FD 7 2016/12/06 14:45:39 kid1| DNS Socket created at 0.0.0.0, FD 8 2016/12/06 14:45:39 kid1| Adding domain msk.home.ru from /etc/resolv.conf 2016/12/06 14:45:39 kid1| Adding domain msk.home.ru from /etc/resolv.conf 2016/12/06 14:45:39 kid1| Adding nameserver 172.17.16.24 from /etc/resolv.conf 2016/12/06 14:45:39 kid1| Adding nameserver 172.17.16.6 from /etc/resolv.conf 2016/12/06 14:45:39 kid1| helperOpenServers: Starting 50/200 'negotiate_wrapper_auth' processes 2016/12/06 14:45:41 kid1| helperOpenServers: Starting 20/100 'ntlm_auth' processes 2016/12/06 14:45:42 kid1| helperOpenServers: Starting 0/20 'basic_ldap_auth' processes 2016/12/06 14:45:42 kid1| helperOpenServers: No 'basic_ldap_auth' processes needed. 2016/12/06 14:45:42 kid1| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes 2016/12/06 14:45:42 kid1| Logfile: opening log daemon:/var/log/squid3/access.log 2016/12/06 14:45:42 kid1| Logfile Daemon: opening log /var/log/squid3/access.log 2016/12/06 14:45:43 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2016/12/06 14:45:43 kid1| Store logging disabled 2016/12/06 14:45:43 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2016/12/06 14:45:43 kid1| Target number of buckets: 1008 2016/12/06 14:45:43 kid1| Using 8192 Store buckets 2016/12/06 14:45:43 kid1| Max Mem size: 262144 KB 2016/12/06 14:45:43 kid1| Max Swap size: 0 KB 2016/12/06 14:45:43 kid1| Using Least Load store dir selection 2016/12/06 14:45:43 kid1| Set Current Directory to /var/spool/squid3 2016/12/06 14:45:44 kid1| Finished loading MIME types and icons. 2016/12/06 14:45:44 kid1| commBind: Cannot bind socket FD 161 to 172.17.16.94:3128: (99) Cannot assign requested address 2016/12/06 14:45:44 kid1| HTCP Disabled. 2016/12/06 14:45:44 kid1| Pinger socket opened on FD 163 2016/12/06 14:45:44 kid1| Squid plugin modules loaded: 0 2016/12/06 14:45:44 kid1| Adaptation support is off. 2016/12/06 14:45:44 kid1| Closing HTTP port 172.17.16.94:3128 2016/12/06 14:45:44 kid1| storeDirWriteCleanLogs: Starting... 2016/12/06 14:45:44 kid1| Finished. Wrote 0 entries. 2016/12/06 14:45:44 kid1| Took 0.00 seconds ( 0.00 entries/sec). FATAL: Unable to open HTTP Socket Squid Cache (Version 3.4.8): Terminated abnormally. CPU Usage: 0.272 seconds = 0.112 user + 0.160 sys Maximum Resident Size: 78624 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena: 4488 KB Ordinary blocks: 4378 KB 80 blks Small blocks: 0 KB 1 blks Holding blocks: 27540 KB 8 blks Free Small blocks: 0 KB Free Ordinary blocks: 109 KB Total in use: 31918 KB 711% Total free: 109 KB 2% 2016/12/06 14:45:44 kid1| Closing Pinger socket on FD 163 2016/12/06 14:45:44| pinger: Initialising ICMP pinger ... 2016/12/06 14:45:44| pinger: ICMP socket opened. 2016/12/06 14:45:44| pinger: ICMPv6 socket opened 2016/12/06 14:45:44| Pinger exiting. 2016/12/06 14:45:47 kid1| Set Current Directory to /var/spool/squid3 2016/12/06 14:45:47 kid1| Starting Squid Cache version 3.4.8 for i586-pc-linux-gnu... 2016/12/06 14:45:47 kid1| Process ID 1972 2016/12/06 14:45:47 kid1| Process Roles: worker 2016/12/06 14:45:47 kid1| With 65535 file descriptors available 2016/12/06 14:45:47 kid1| Initializing IP Cache... 2016/12/06 14:45:47 kid1| DNS Socket created at [::], FD 8 2016/12/06 14:45:47 kid1| DNS Socket created at 0.0.0.0, FD 9 2016/12/06 14:45:47 kid1| Adding domain msk.home.ru from /etc/resolv.conf 2016/12/06 14:45:47 kid1| Adding domain msk.home.ru from /etc/resolv.conf 2016/12/06 14:45:47 kid1| Adding nameserver 172.17.16.24 from /etc/resolv.conf 2016/12/06 14:45:47 kid1| Adding nameserver 172.17.16.6 from /etc/resolv.conf 2016/12/06 14:45:47 kid1| helperOpenServers: Starting 50/200 'negotiate_wrapper_auth' processes 2016/12/06 14:45:49 kid1| helperOpenServers: Starting 20/100 'ntlm_auth' processes 2016/12/06 14:45:50 kid1| helperOpenServers: Starting 0/20 'basic_ldap_auth' processes 2016/12/06 14:45:50 kid1| helperOpenServers: No 'basic_ldap_auth' processes needed. 2016/12/06 14:45:50 kid1| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes 2016/12/06 14:45:51 kid1| Logfile: opening log daemon:/var/log/squid3/access.log 2016/12/06 14:45:51 kid1| Logfile Daemon: opening log /var/log/squid3/access.log 2016/12/06 14:45:51 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2016/12/06 14:45:51 kid1| Store logging disabled 2016/12/06 14:45:51 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2016/12/06 14:45:51 kid1| Target number of buckets: 1008 2016/12/06 14:45:51 kid1| Using 8192 Store buckets 2016/12/06 14:45:51 kid1| Max Mem size: 262144 KB 2016/12/06 14:45:51 kid1| Max Swap size: 0 KB 2016/12/06 14:45:51 kid1| Using Least Load store dir selection 2016/12/06 14:45:51 kid1| Set Current Directory to /var/spool/squid3 2016/12/06 14:45:52 kid1| Finished loading MIME types and icons. 2016/12/06 14:45:52 kid1| HTCP Disabled. 2016/12/06 14:45:52 kid1| Pinger socket opened on FD 164 2016/12/06 14:45:52 kid1| Squid plugin modules loaded: 0 2016/12/06 14:45:52 kid1| Adaptation support is off. 2016/12/06 14:45:52 kid1| Accepting HTTP Socket connections at local=172.17.16.94:3128 remote=[::] FD 162 flags=9 2016/12/06 14:45:52 kid1| storeLateRelease: released 0 objects 2016/12/06 14:45:52| pinger: Initialising ICMP pinger ... 2016/12/06 14:45:52| pinger: ICMP socket opened. 2016/12/06 14:45:52| pinger: ICMPv6 socket opened 2016/12/06 14:46:45 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:46:45 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:46:45 kid1| Starting new helpers 2016/12/06 14:46:45 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:46:45 kid1| ERROR: NTLM Authentication Helper '0xb96fb4b8/0xb96fb4b8' crashed!. 2016/12/06 14:46:45 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:46:46| negotiate_wrapper: Error reading NTLM helper response 2016/12/06 14:46:46 kid1| WARNING: negotiateauthenticator #Hlpr0 exited 2016/12/06 14:46:46 kid1| Too few negotiateauthenticator processes are running (need 10/200) 2016/12/06 14:46:46 kid1| Starting new helpers 2016/12/06 14:46:46 kid1| helperOpenServers: Starting 10/200 'negotiate_wrapper_auth' processes 2016/12/06 14:46:46 kid1| ERROR: Negotiate Authentication Helper '0xb96b8ae0/0xb96b8ae0' crashed!. 2016/12/06 14:46:46 kid1| ERROR: Negotiate Authentication validating user. Result: {result=Unknown} 2016/12/06 14:46:46 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:46:46 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:46:46 kid1| Starting new helpers 2016/12/06 14:46:46 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:46:46 kid1| ERROR: NTLM Authentication Helper '0xb96fc758/0xb96fc758' crashed!. 2016/12/06 14:46:46 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:46:46 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:46:46 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:46:46 kid1| Starting new helpers 2016/12/06 14:46:46 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:46:46 kid1| ERROR: NTLM Authentication Helper '0xb96fda30/0xb96fda30' crashed!. 2016/12/06 14:46:46 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:47:21 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:47:21 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:47:21 kid1| Starting new helpers 2016/12/06 14:47:21 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:47:21 kid1| ERROR: NTLM Authentication Helper '0xb96fed08/0xb96fed08' crashed!. 2016/12/06 14:47:21 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:47:23 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:47:23 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:47:23 kid1| Starting new helpers 2016/12/06 14:47:23 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:47:23 kid1| ERROR: NTLM Authentication Helper '0xb96fffe0/0xb96fffe0' crashed!. 2016/12/06 14:47:23 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:47:24| negotiate_wrapper: Error reading NTLM helper response 2016/12/06 14:47:24 kid1| WARNING: negotiateauthenticator #Hlpr0 exited 2016/12/06 14:47:24 kid1| Too few negotiateauthenticator processes are running (need 10/200) 2016/12/06 14:47:24 kid1| Starting new helpers 2016/12/06 14:47:24 kid1| helperOpenServers: Starting 10/200 'negotiate_wrapper_auth' processes 2016/12/06 14:47:24 kid1| ERROR: Negotiate Authentication Helper '0xb96b9d08/0xb96b9d08' crashed!. 2016/12/06 14:47:24 kid1| ERROR: Negotiate Authentication validating user. Result: {result=Unknown} 2016/12/06 14:47:24 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:47:24 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:47:24 kid1| Starting new helpers 2016/12/06 14:47:24 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:47:24 kid1| ERROR: NTLM Authentication Helper '0xb97012b8/0xb97012b8' crashed!. 2016/12/06 14:47:24 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:47:25 kid1| WARNING: ntlmauthenticator #Hlpr0 exited 2016/12/06 14:47:25 kid1| Too few ntlmauthenticator processes are running (need 5/100) 2016/12/06 14:47:25 kid1| Starting new helpers 2016/12/06 14:47:25 kid1| helperOpenServers: Starting 5/100 'ntlm_auth' processes 2016/12/06 14:47:25 kid1| ERROR: NTLM Authentication Helper '0xb9702590/0xb9702590' crashed!. 2016/12/06 14:47:25 kid1| ERROR: NTLM Authentication validating user. Result: {result=Unknown} 2016/12/06 14:47:28| negotiate_wrapper: Error reading NTLM helper response 2016/12/06 14:47:28 kid1| WARNING: negotiateauthenticator #Hlpr0 exited 2016/12/06 14:47:28 kid1| Too few negotiateauthenticator processes are running (need 10/200) 2016/12/06 14:47:28 kid1| Starting new helpers 2016/12/06 14:47:28 kid1| helperOpenServers: Starting 10/200 'negotiate_wrapper_auth' processes 2016/12/06 14:47:28 kid1| ERROR: Negotiate Authentication Helper '0xb96bafe0/0xb96bafe0' crashed!. 2016/12/06 14:47:28 kid1| ERROR: Negotiate Authentication validating user. Result: {result=Unknown} 2016/12/06 14:53:58 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }} 2016/12/06 14:54:21 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }} 2016/12/06 14:55:14 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }} 2016/12/06 14:55:14 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }} 2016/12/06 14:55:21 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }} 2016/12/06 14:55:21 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }} 2016/12/06 14:55:21 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect; }}