Re: Trouble getting kerberos auth working with squid 3.0


Hello,
IE6 does not support the Negotiate authentication scheme for proxies.
It does support that only against web servers.

Regards
Malte

On Fri, 24 Oct 2008 07:38:57 -0400
"Steven Cardinal" <steven.cardinal@xxxxxxxxx> wrote:

> Thanks Henrik,
> 
> That was my issue with Firefox - it now authenticates just fine. I've
> been unable to get IE (6.0.2900.2180.xpsp_sp2_gdr.080814-1233) to
> authenticate. I know this isn't a squid-specific thing, but any ideas
> what setting in IE may be responsible for this? If not, no problem. I
> appreciate your rapid response on my main issue.
> 
> Regards,
> 
> Steve
> 
> On Thu, Oct 23, 2008 at 3:03 PM, Henrik Nordstrom
> <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
> > On tor, 2008-10-23 at 14:25 -0400, Steven Cardinal wrote:
> >> I see no sign on my DCs of any failed authentication. A tcpdump trace
> >> on my workstation shows no attempts from my Windows PC to perform any
> >> kerberos authentication. If I try running the command line specified
> >> in the squid.conf, I get:
> >
> > Then your browsers do not trust the proxy with kerberos authentication.
> > Verify that you have configured the proxy by name and not IP in the
> > browser proxy settings. To be exact the proxy name needs to match both a
> > name that the browser trusts with Kerberos authentication AND a server
> > kerberos ticket (or whatever those are called, kept in the keytab,
> > kerberos is not a strong field of mine..)
> >
> >> I'm guessing, however, that squid_kerb_auth can't be run just like
> >> that, however.
> >
> > Correct. You need to speak base64 encoded GSSAPI wrapped in Microsoft
> > Negotiate SSP protocol format wrapped in the "Squid NTLM/Negotiate
> > protocol" to it..
> >
> >> Any ideas where I should look? I set my keytab file to be
> >> world-readable as a test and that didn't help.
> >
> > It seems you don't even get that far.. the very first steps are not
> > dependent on the helper, only the browser.. only when the browser agrees on
> > sending the initial negotiation packet is the helper called. Until then
> > all that happens is that Squid says that authentication is required to
> > continue and the Negotiate SSP authentication protocol is supported.
> >
> > Regards
> > Henrik
> >
> 


-- 
---------------------------------------
Malte Schröder
MalteSch@xxxxxx
ICQ# 68121508
---------------------------------------
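
A diagnostic for the sequence described in this thread, as an added example that is not part of the original messages or of Squid: given the authentication headers from a captured proxy exchange, it reports whether the proxy offered Negotiate, whether the client answered with a token at all, and whether that token is Kerberos/SPNEGO or NTLM. The function names and the sample captures are constructed for illustration.

```python
import base64
# DER-encoded mechanism OIDs found near the start of a GSS-API token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")    # 1.2.840.113554.1.2.2

def classify_token(b64_token):
    """Classify the base64 blob that follows 'Negotiate ' in a request."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "invalid-base64"
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"                 # NTLM carried in Negotiate, not Kerberos
    if raw[:1] == b"\x60":            # GSS-API initial token (APPLICATION 0)
        if SPNEGO_OID in raw[:64]:
            return "spnego"
        if KRB5_OID in raw[:64]:
            return "kerberos"
    return "unknown"

def diagnose(header_lines):
    """Report how far a captured proxy exchange got."""
    offered, kind = False, None
    for line in header_lines:
        name, _, value = line.partition(":")
        scheme, _, blob = value.strip().partition(" ")
        if scheme.lower() != "negotiate":
            continue
        name = name.strip().lower()
        if name == "proxy-authenticate":
            offered = True
        elif name == "proxy-authorization" and blob.strip():
            kind = classify_token(blob.strip())
    if not offered:
        return "proxy-did-not-offer-negotiate"
    if kind is None:
        return "client-sent-no-token"   # the helper is never called
    return "client-sent-" + kind

# Constructed sample captures (not taken from the thread).
_spnego = base64.b64encode(b"\x60\x1e" + SPNEGO_OID + b"\xa0\x14" + b"\x00" * 20).decode()
_ntlm = base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00" + b"\x00" * 8).decode()
SAMPLE_NO_REPLY = ["Proxy-Authenticate: Negotiate", "User-Agent: constructed"]
SAMPLE_SPNEGO = ["Proxy-Authenticate: Negotiate", "Proxy-Authorization: Negotiate " + _spnego]
SAMPLE_NTLM = ["Proxy-Authenticate: Negotiate", "Proxy-Authorization: Negotiate " + _ntlm]

if __name__ == "__main__":
    for sample in (SAMPLE_NO_REPLY, SAMPLE_SPNEGO, SAMPLE_NTLM):
        print(diagnose(sample))
```

A result of `client-sent-no-token` corresponds to the situation in the thread: the browser never starts the negotiation, so nothing on the helper or keytab side is exercised yet.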
