On Tue, Aug 25, 2009 at 11:23 PM, Markus Moeller<huaraz@xxxxxxxxxxxxxxxx> wrote:
>> I am trying to authenticate users through kerberos on a windows 2003
>> server AD. Basically, I followed the klaubert tutorial [1], part on
>> Negotiate/kerberos authentication.
> See also http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

Of course I forgot this one, but I used it also.

>> reason attempted to use NTLM. ", does this mean the web browser/gssapi
>> or stuff on the client side is the problem ? Is there anything to do
>> on the windows client machine to send just a standard kerberos ticket
>> ?
> Possibly. It is important that the proxy you have configured is the fqdn
> and that your web Browser supports negotiate proxy authentication
> (e.g. IE > 7 or Firefox)

Trying on windows 7 with IE 8 and FF 3.5.

>> And, last but not least, it seems we can start squid_kerb_auth from
>> the command line in standalone (well, that's the way it works with
>> squid), is there a way to use it to debug the situation ?
> Yes. Just start it on the command line and input YR <token> where <token> is
> a base64 encoded token. There is a small test program squid_kerb_auth_test.c
> at
> http://squidkerbauth.cvs.sourceforge.net/viewvc/squidkerbauth/squid_kerb_auth/
> which you can run as follows:
> kinit user@DOMAIN
> ./squid_kerb_auth_test <proxy fqdn> 200 | ./squid_kerb_auth -d -s HTTP/<proxy fqdn>
>
> This will create 200 authentication requests for testing.

That will help me a lot ! Thank you very much for your answers ! I'll post comments as soon as it works (or I get new questions).

Regards,
Jeremy
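
Added example, not part of the original thread and not code from the squid_kerb_auth project: a small Python check that decodes the base64 token a browser sends in a Negotiate header (the same value fed to the helper as `YR <token>`) and reports whether it is a raw NTLMSSP message or a GSS-API/SPNEGO token, and which mechanisms it offers. The function names `tlv` and `classify` are hypothetical, and the sample token is constructed.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"
OIDS = {  # DER-encoded mechanism OIDs
    bytes.fromhex("2b0601050502"): "SPNEGO",
    bytes.fromhex("2a864886f712010202"): "Kerberos 5",
    bytes.fromhex("2a864882f712010202"): "MS Kerberos 5",
    bytes.fromhex("2b06010401823702020a"): "NTLMSSP",
}

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify(b64_token):
    """Return (wrapper, offered mechanisms) for a base64 Negotiate token."""
    raw = base64.b64decode(b64_token, validate=True)
    if raw.startswith(NTLMSSP):  # client skipped Kerberos and sent bare NTLM
        return "raw NTLMSSP", ["NTLMSSP"]
    tag, pos, _ = tlv(raw, 0)
    if tag != 0x60:
        raise ValueError("not a GSS-API initial context token")
    tag, start, pos = tlv(raw, pos)
    if tag != 0x06:
        raise ValueError("missing mechanism OID")
    mech = OIDS.get(raw[start:pos], "unknown")
    if mech != "SPNEGO":
        return "GSS-API", [mech]
    # NegTokenInit: [0] -> SEQUENCE -> [0] mechTypes -> SEQUENCE OF OID
    for expected in (0xA0, 0x30, 0xA0, 0x30):
        tag, pos, end = tlv(raw, pos)
        if tag != expected:
            raise ValueError("unexpected SPNEGO structure")
    mechs = []
    while pos < end:
        tag, start, pos = tlv(raw, pos)
        mechs.append(OIDS.get(raw[start:pos], raw[start:pos].hex()))
    return "SPNEGO", mechs

if __name__ == "__main__":
    # Constructed sample: the first 12 bytes of an NTLM type 1 message.
    sample = base64.b64encode(NTLMSSP + b"\x01\x00\x00\x00").decode()
    print(classify(sample))
```

A "raw NTLMSSP" result means the client never obtained a service ticket for the proxy, which points back at the client-side configuration discussed in the thread rather than at the helper.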