No matter - this was the problem
http://www.mcplusa.com/blog/2009/10/authentication-with-kerberos-on-windows-7-and-the-google-search-appliance/
-------- Original Message --------
Subject: Unable to get Firefox to authenticate via Kerberos
From: Mike Bordignon (GMI) <mike@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Date: 2/02/2010 11:03 a.m.
Hello,
I've recently managed to setup squid3.0 (STABLE8, on Debian Lenny) to
authenticate requests via a Win2003 machine over Kerberos. It's working
well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7)
will authenticate successfully. When I configure a squid_ldap_auth
backup it will authenticate, but when I specify only negotiate it will
fail miserably.
This is what I'm getting in cache.log:
2010/02/02 10:53:48| squid_kerb_auth: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
(length: 59).
2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with
rc=101
2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token
This puzzles me as I've setup network.negotiate-auth.trusted-uris in
Firefox correctly (I've tried setting it to both domain.com and
proxy.domain.com). Using kerbtray I don't appear to have any tickets for
http/fqdn/realm.com. Should I have? Do I need to restart Windows?
IE8 appears to prompt for Integrated Security but when I enter my
credentials nothing happens. The same log entry above appears.
Any help much appreciated.
cheers
Mike
