Search squid archive

Re: Authenticate domain user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What is you access config ? Maybe you have a line which gives also
unauthenticated users access to hotmail.

BTW Do you want the workgroup users to have access after authentication ?  I
tested that it might work if you provide via dhcp a WINS server which has an
entry for the Kerberos domain.  Then users can use a domain
username/password from a workgroup PC.

Markus


"Nick Cairncross" <Nick.Cairncross@xxxxxxxxxxxxxxx> wrote in message news:7C792063A22DFB40A9387B1D11B012F660CBFEF232@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,


I use Kerberos authentication for my domain computers and users. All works well except for the following scenario: If a non-domain PC (i.e. workgroup) is pointed to squid (fqdn) I receive an unsatisfiable login prompt for my squid proxy. After three attempts with domain\username and password if I then click on the link displayed on the Access Denied squid error (e.g. www.Hotmail.com) I am able to access the browse the internet. Strange, no?

Cache.log show for the three fails

2010/06/30 15:03:56| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59). 2010/06/30 15:03:56| squid_kerb_auth: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded length: 40).
2010/06/30 15:03:56| squid_kerb_auth: received type 1 NTLM token
2010/06/30 15:03:56| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token' 2010/06/30 15:03:56| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59). 2010/06/30 15:03:56| squid_kerb_auth: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded length: 40).
2010/06/30 15:03:56| squid_kerb_auth: received type 1 NTLM token
2010/06/30 15:03:56| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'

And then shows my token & username etc as expected when I click on the 'denied' web-link..

Any help would be greatly appreciated
N

The information contained in this e-mail is of a confidential nature and is intended only for the addressee. If you are not the intended addressee, any disclosure, copying or distribution by you is prohibited and may be unlawful. Disclosure to any party other than the addressee, whether inadvertent or otherwise, is not intended to waive privilege or confidentiality. Internet communications are not secure and therefore Conde Nast does not accept legal responsibility for the contents of this message. Any views or opinions expressed are those of the author.

The Conde Nast Publications Ltd (No. 226900), Vogue House, Hanover Square, London W1S 1JU




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux