BTW You shouldn't use anymore DES encryption as it is too weak and will be
disabled in future Kerberos libraries (as you have noticed in windows 7).
Use RC4 or AES.
Markus
"Mike Bordignon (GMI)" <mike@xxxxxxxxx> wrote in message
news:4B676552.20907@xxxxxxxxxxxx
No matter - this was the problem
http://www.mcplusa.com/blog/2009/10/authentication-with-kerberos-on-windows-7-and-the-google-search-appliance/
-------- Original Message --------
Subject: Unable to get Firefox to authenticate via Kerberos
From: Mike Bordignon (GMI) <mike@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Date: 2/02/2010 11:03 a.m.
Hello,
I've recently managed to setup squid3.0 (STABLE8, on Debian Lenny) to
authenticate requests via a Win2003 machine over Kerberos. It's working
well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7)
will authenticate successfully. When I configure a squid_ldap_auth
backup it will authenticate, but when I specify only negotiate it will
fail miserably.
This is what I'm getting in cache.log:
2010/02/02 10:53:48| squid_kerb_auth: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
(length: 59).
2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with
rc=101
2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token
This puzzles me as I've setup network.negotiate-auth.trusted-uris in
Firefox correctly (I've tried setting it to both domain.com and
proxy.domain.com). Using kerbtray I don't appear to have any tickets for
http/fqdn/realm.com. Should I have? Do I need to restart Windows?
IE8 appears to prompt for Integrated Security but when I enter my
credentials nothing happens. The same log entry above appears.
Any help much appreciated.
cheers
Mike
