The squid+ domain environment occurs when an attempt to retrieve the URL encounters the following error access is denied.

Favorites (0) failure issues:

ERROR

The requested URL could not being retrieved

The following error was encountered when attempting to retrieve the URL: http://news.163.com/

Access is denied.

Access
Control configuration prevents your request from being allowed on this
Time. Your service provider if you feel
Incorrect.

The administrator root of the cache server.

Sat was generated by localhost (squid/3.1.10), 03:59:43 GMT

Failure time and Environment:

The fault environment is iptables+squid+windows domain user authentication built for CentOS 6.6. The transparent proxy is not set.

The failure time is 10 o ' Day in the morning. Any web site that suddenly opens a whitelist will prompt for this error.

Trouble-shooting ideas.

This server was built by a previous engineer, and I took it on a temporary basis. For various reasons, the handover was only two or three hours. Cause the problem to be resolved for a long time.

1. The server has been working stably for six months without any action during this time period. Troubleshoot network problems, squid host connection to the external website (normal ~! ) Domain DNS resolution (normal DNS troubleshooting) ~ ~
   

2. The server was powered down due to a power outage in the previous one weeks. Suspected that a service failure did not start properly, Baidu needs to start the smb  nmb ntp squid winbind iptables krb5kdc service found to be started.

3. Checks all configuration files, all of which were not changed before but occasionally added to some whitelist URLs. Everything is fine.
   

4. Continue to Baidu, found some users of the solution, add a few more DNS. Still no problem solved.

5. Because it is the company's peak hours do not dare to delay everyone's work, temporarily in the squid.conf configuration file, comment out http_access deny all  add http_access allow all. rel Oad squid so that everyone can work properly first.

6. To continue the analysis, release to verify that all users are able to surf the Internet, the configuration is not a problem may be verifying the account is out of the question. Query/var/log/squid/access.log and cache.log  compared to the following log did not find anything unusual, and then the deadlock has been Baidu, find solutions. In fact, I am not familiar with this system, which leads to the delay of most of the time. Finally found that the log, not stored alone in the squid inside. But it exists in/var/log/message. Find found starting from 10, error

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/98/AD/wKioL1k_hFKys9FaAAGn23wuFKg539.jpg-wh_500x0-wm_ 3-wmp_4-s_1003728184.jpg "title=" qq.jpg "alt=" Wkiol1k_hfkys9faaagn23wufkg539.jpg-wh_50 "/>

Error Keywords:

Libads/kerberos_utils.c:101 (Ads_kinit_password)

Kerberos Kinit_password Your domain failed ticket is ineligible for postdating

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Unable-to-join-CPPM-to-a-domain/ta-p/192619 This page finds and solves the problem.

Cause of failure

Because the time of the Squid server and the domain server time is not unified, the error is 4-5 minutes, resulting in errors, which can be said to understand why the use of the very normal, sudden failure, and the number of connections is not very high. Calibrate the time and check the/var/log/message error disappears after 10 minutes. Logout Squid config file inside the http_access allow all to change to http_access deny all, reload squid service, use everything normal.

Troubleshooting Solutions

Correct the time of the Squid server and the domain server, so the production environment still corrects all servers in a unified time server.

Over

The squid+ domain environment occurs when an attempt to retrieve the URL encounters the following error access is denied.