Hi, I a m trying to authenticate users through kerberos on a windows 2003 server AD. Basically, I followed the klaubert tutorial [1], part on Negotiate/kerberos authentication. The kerberos stuff seems ok, I can get some tickets using kinit and see them using klist. The error message I get is "authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'", and I saw a previous thread talking about that [2], but I am sorry I don't understand most of it. When it says "squid_kerb_auth only support Kerberos, but it looks like that your client for some reason attempted to use NTLM. ", does this mean the web browser/gssapi or stuff on the client side is the problem ? Is there anything to do on the windows client machine to send just a standard kerberos ticket ? Or is the integration of ntlm_auth into squid_kerb_auth achieved (couldn't find news on that point) and a better thing to use ? And, last but not least, it seems we can start squid_kerb_auth from the command line in standalone (well, that's the way it works with squid), is there a way to use it to debug the situation ? Thanks for your answers, Jeremy [1] http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/ [2] http://www.nabble.com/Negotiate-problem-%27BH-received-type-1-NTLM-token%27-td17981333.html
