General

Another Kerberos error in Cache.log on Squid server

During my configuration of a Squid proxy server on Ubuntu in conjunction with Kerberos and Active Directory I encountered another error in the cache.log of the Squid server:

ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown error; }}

The reason for this error was the loopback address (127.0.0.1) for the current host in the hosts file in /etc/hosts. The entry in the hosts file was like this:

127.0.0.1 squid.contoso.com

I changed the entry to the real IP address of the Ubuntu server:

192.168.1.250 squid.contoso.com

After the change I restarted the server and...
General

Kerberos authentication error in cache.log on Squid server

I configured Kerberos authentication for a Squid proxy server on Ubuntu in an Active Directory domain. During my tests I got the following error in the cache.log:

ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information. No key table entry found matching HTTP/squid@; }}

The reason for this error was a wrong entry in the hosts (/etc/hosts) file on the Ubuntu server. The entry for the server was missing the domain part. So the file contained

192.168.1.40 squid

instead of

192.168.1.250 squid.contoso.com

I added the domain part to the entry and restarted...
General

Kinit error on Ubuntu server

I configured Squid Proxy in conjunction with Kerberos authentication in an Active Directory domain. During my tests I used kinit to check my Kerberos ticket on the Ubuntu server and got the following error message:

kinit: Client not found in Kerberos database while getting initial credentials

The reason was two identical SPNs (Service Principal Names) in the Active Directory. To find them I checked the Active Directory for double SPNs with the setspn command and the -x parameter:

setspn -x

This command checks the Active Directory for identical SPNs and lists them. The command showed me two entries for my...
General

NTLM authentication error in Squid cache.log

Recently I configured Squid as a proxy server with NTLM authentication in an Active Directory domain. When I started to use the proxy server in conjunction with my browser, an authentication pop-up appeared all of the time and I was not able to access the Internet. I checked the cache.log of the Squid server and found the following error message:

GENSEC login failed: NT_STATUS_UNSUCCESSFUL
ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}

The cause of this problem was a bug in the Samba version described in this bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754339

The pipe of the winbind daemon was created in the wrong directory...
General

Get hardware serial number from within Windows

Have you ever had the situation that you need to get the serial number of a server or PC at a remote location and you only had a remote desktop connection to this device? There is a solution that may work in this situation. Execute the following command from the command line:

wmic bios get serialnumber

That should generate an output like this:

SerialNumber
CZ12345678

If you configured WMI for remote access you can execute this command directly over the network with the following command line:

wmic /node:MyServer01.contoso.com bios get serialnumber
General

Allow Web Ads in Sophos UTM

One of my customers uses the Sophos UTM with the web filter option (aka proxy server) enabled. The customer also uses search engines a lot to find companies in his area. Some of the results are shown as advertising in the result list. If users click on one of those links, Sophos shows the following message:

Content blocked
While trying to retrieve the URL: https://www.googleadservices.com/pagead/...
The content is blocked due to the following condition:
The URL you have requested is blocked by Surf Protection. If you think this is wrong, please contact your administrator.
Report: Blocked Category (Web Ads)

So...
General

Installing opnsense 17.1 on Hyper-V Server 2008 R2

A customer wants an installation of the opnsense firewall on a Hyper-V Server 2008 R2. So I got the zipped iso file from one of the mirrors, unpacked it and started the installation. During the setup the installer told me that it was unable to find a suitable IDE or SCSI drive:

"The installer could not find any disks suitable for Installation (IDE or SCSI) attached to this Computer..."

I installed opnsense a couple of days before on a Hyper-V Server 2016 so I thought it would be no problem to also install it on Hyper-V on Server 2008 R2 but...
General

Enabling Hyper-V Server 2016 for Remote Management

The Hyper-V Server 2016 is a great solution if you want to host Hyper-V VMs without paying for a Server 2016 standard (or higher) license. The server does not offer a full graphical user interface and no Hyper-V Manager. You can do almost every Hyper-V administration task from PowerShell, but you need some time to dive into the set of cmdlets and I only work with Hyper-V Server from time to time, so I would prefer a graphical tool. The solution is to use a management PC where the Hyper-V Manager is installed and connect to the Hyper-V Server over the...