hi, if you have made the wiki[...]/Kerberos guide through then you are close to the goal. it seems that your problem is only configuration error on client side. since squid_kerb_auth is a MUST to configure the fqdn name of squid in the IE settings. at my place IE 7, IE 8 and FF 3.5 works great with squid_kerb_auth. regards Andrew Am Mittwoch, 26. August 2009 00:35:01 schrieb Jeremy Monnet: > On Tue, Aug 25, 2009 at 11:23 PM, Markus Moeller<huaraz@xxxxxxxxxxxxxxxx> wrote: > >> I a m trying to authenticate users through kerberos on a windows 2003 > >> server AD. Basically, I followed the klaubert tutorial [1], part on > >> Negotiate/kerberos authentication. > > > > See also http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos > > Of course I forgot this one, but I used it also. > > >> reason attempted to use NTLM. ", does this mean the web browser/gssapi > >> or stuff on the client side is the problem ? Is there anything to do > >> on the windows client machine to send just a standard kerberos ticket > >> ? > > > > Possibly. It is important that the proxy you have configured is the fqdn > > and that your web Browser supports negotiate proxy authentication (e.g IE > > > 7 or Firefox) > > Trying on windows 7 with IE 8 and FF 3.5. > > >> And, last but not least, it seems we can start squid_kerb_auth from > >> the command line in standalone (well, that's the way it works with > >> squid), is there a way to use it to debug the situation ? > > > > Yes Just start it onthe command line and input YR <token> where <token> > > is a base64 encoded token. There is a small test program > > squid_kerb_auth_test.c at > > http://squidkerbauth.cvs.sourceforge.net/viewvc/squidkerbauth/squid_kerb_ > >auth/ which you can run as follows: > > kinit user@DOMAIN > > ./squid_kerb_auth_test <proxy fqdn> 200 | ./squid_kerb_auth -d -s > > HTTP/<proxy fqdn> > > > > This will create 200 authentication requests for testing. > > That will help me a lot ! Thank you very much for your answers ! > > I'll post comments as soon as it works (or I get new questions). > > Regards, > > Jeremy >
