Hi Lieven
"Lieven" <lievendp@xxxxxxxxx> wrote in message
news:4BE6BD24.7090402@xxxxxxxxxxxx
Hello Markus,
Sorry for my slow reaction.
1) I did a klist on the squid server and got this ticket:
squid3-proxy:/var/log/squid-3.1.3# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@xxxxxxxxxxxx
Valid starting Expires Service principal
05/09/10 14:35:00 05/10/10 00:34:04 krbtgt/DOMAIN.LOCAL@xxxxxxxxxxxx
renew until 05/10/10 14:35:00
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
=> Do I have to renew this ticket from the server every day? I thought that I only needed this ticket once to get my squid server into the AD domain with the msktutil?
As you say, this is only for the one-time use of msktutil.
2) I installed the kerbtray tool from the windows 2003 tools on my xp pc.
My xp pc is connected via a windows vpn for this test, I log on with my domain credentials, connecting to vpn works fine. As soon as I try to connect to a site via the squid3-proxy server, I get one ticket in kerbtray.
This is the only ticket I have in the list:
krbtgt/DOMAIN.LOCAL for the client principal: bait@xxxxxxxxxxxx
the service name is: krbtgt/DOMAIN.LOCAL@xxxxxxxxxxxx
target name is: krbtgt/DOMAIN@xxxxxxxxxxxx
flags: forwardable, renewable, preauthenticated, initial
encryption types: ticket encryption type: etype 18 and key encryption type: etype 0
That looks good.
Regarding DNS, I double-checked and A and PTR lookups are OK from the client.
3) When I open a site in my Firefox browser on the client, where I put the FQDN name as proxy server, I see the following in the cache.log on squid:
2010/05/09 14:59:03| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59).
2010/05/09 14:59:03| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded length: 40).
2010/05/09 14:59:03| squid_kerb_auth: WARNING: received type 1 NTLM token
2010/05/09 14:59:03| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'
2010/05/09 14:59:04| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59).
2010/05/09 14:59:04| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded length: 40).
2010/05/09 14:59:04| squid_kerb_auth: WARNING: received type 1 NTLM token
2010/05/09 14:59:04| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'
What you should see is a request from the client to Active Directory asking for a TGS for HTTP/<fqdn of proxy>. If that does not happen or gets refused by AD, the client will fall back to NTLM (wrapped into the Negotiate response), which is what you see on the proxy.
4) It seems that winpcap 4.1 which I installed on my client is not able to scan the ppp interface which I use to connect to the windows vpn.
I will send a dump from that traffic as soon as I have access to a pc at the location. (non vpn)
How do I add a dump from wireshark?
I got a tcpdump on the squid server which I opened in wireshark and then I exported it as a plaintext file (all captured traffic, 49 packets) but it's quite large. (about 917 lines)
In wireshark you can select the lines you want to export (e.g. only port 88 and port 53) as a .cap file.
Thanks for your help.
kind regards,
Lieven
Regards
Markus
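Added example, not part of the thread and not squid or squid_kerb_auth code: a small Python triage script that decodes the base64 blob squid_kerb_auth logs after "Got 'YR ..." and tells you whether the client actually sent a GSS-API/SPNEGO (Kerberos) token or fell back to raw NTLMSSP, as Markus describes. It uses the token quoted in the cache.log lines above as its sample input, plus a constructed SPNEGO header and constructed log lines for comparison; the NTLM flag names are the ones from MS-NLMP and the two mechanism OIDs are the standard SPNEGO and Kerberos 5 ones. The one-line log format is assumed to be what the log looked like before the mail client wrapped it.

```python
import base64
import re
import struct

# Token copied from the squid cache.log lines quoted in this thread.
LOG_TOKEN = "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=="

# Constructed: a bare GSS-API InitialContextToken header carrying the SPNEGO OID
# (0x60, length, OID 1.3.6.1.5.5.2) with no inner NegTokenInit, enough to classify.
SAMPLE_SPNEGO_B64 = base64.b64encode(bytes.fromhex("6008" "06062b0601050502")).decode()

# Constructed log lines: the thread's lines re-joined to one line each, as squid writes them.
SAMPLE_LOG_LINES = [
    "2010/05/09 14:59:03| squid_kerb_auth: DEBUG: Got 'YR " + LOG_TOKEN + "' from squid (length: 59).",
    "2010/05/09 14:59:03| squid_kerb_auth: DEBUG: Decode '" + LOG_TOKEN + "' (decoded length: 40).",
    "2010/05/09 14:59:03| squid_kerb_auth: WARNING: received type 1 NTLM token",
]

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"

# NEGOTIATE flag bits (subset) from MS-NLMP section 2.2.2.5.
NTLM_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLM_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}

# DER-encoded mechanism OIDs that start a GSS-API InitialContextToken.
GSS_MECHS = {
    bytes.fromhex("2b0601050502"): "SPNEGO (1.3.6.1.5.5.2)",
    bytes.fromhex("2a864886f712010202"): "Kerberos 5 (1.2.840.113554.1.2.2)",
}

TOKEN_RE = re.compile(r"Got 'YR (\S+?)'")


def _der_length(buf, pos):
    """Parse a DER length field at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify_token(b64):
    """Decode one Negotiate token and say which mechanism it belongs to."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return {"mech": "unrecognised"}
    if raw.startswith(NTLMSSP_SIGNATURE) and len(raw) >= 12:
        msg_type = struct.unpack_from("<I", raw, 8)[0]
        info = {"mech": "NTLM", "message_type": msg_type}
        if msg_type == 1 and len(raw) >= 40:
            # NEGOTIATE_MESSAGE: flags at offset 12, Version (major, minor, build) at 32.
            flags = struct.unpack_from("<I", raw, 12)[0]
            major, minor, build = struct.unpack_from("<BBH", raw, 32)
            info["flags"] = flags
            info["flag_names"] = [name for bit, name in sorted(NTLM_FLAGS.items()) if flags & bit]
            info["client_version"] = (major, minor, build)
        return info
    if raw and raw[0] == 0x60:
        # GSS-API InitialContextToken: [APPLICATION 0] length, then the mechanism OID.
        _, pos = _der_length(raw, 1)
        if pos < len(raw) and raw[pos] == 0x06:
            oid_len, pos = _der_length(raw, pos + 1)
            oid = raw[pos:pos + oid_len]
            return {"mech": GSS_MECHS.get(oid, "unknown OID " + oid.hex())}
    return {"mech": "unrecognised"}


def triage_log(lines):
    """Return (line number, summary) for every squid_kerb_auth 'Got' line."""
    out = []
    for n, line in enumerate(lines, 1):
        m = TOKEN_RE.search(line)
        if not m:
            continue
        info = classify_token(m.group(1))
        if info["mech"] == "NTLM":
            summary = "NTLM type %d (not Kerberos: client fell back to NTLM)" % info["message_type"]
        else:
            summary = info["mech"]
        out.append((n, summary))
    return out


if __name__ == "__main__":
    for n, summary in triage_log(SAMPLE_LOG_LINES):
        print("line %d: %s" % (n, summary))
    print(classify_token(LOG_TOKEN))
```

On the token from this thread the script reports an NTLM type 1 (NEGOTIATE) message whose Version field is 5.1.2600, i.e. a Windows XP client, which matches Lieven's description and confirms that no Kerberos service ticket for HTTP/<fqdn of proxy> was ever presented; a working Kerberos client would instead show a 0x60-tagged token carrying the SPNEGO or Kerberos 5 OID.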