Search squid archive

Re: Squid 3.1.6, Kerberos and strange browser auth behavior

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I would just like to add more info

squid_kerb_auth debug in cache.log shows that Squid in IE case got 2x Got/Decode/AF (even though Wireshark says that IE requested and got ticket from AD server 3 times?) while on Chrome case once.

On test Fedora setup, where everything works fine, I get one debug Got/Decode/AF series as expected.

--- On Tue, 9/21/10, Aleksandar Ciric <aciric79@xxxxxxxxx> wrote:

> From: Aleksandar Ciric <aciric79@xxxxxxxxx>
> Subject:  Squid 3.1.6, Kerberos and strange browser auth behavior
> To: squid-users@xxxxxxxxxxxxxxx
> Date: Tuesday, September 21, 2010, 5:52 AM
> Hello,
> 
> I have a Gentoo server with 3.1.6 Squid. I have setup
> Kerberos authentication with our AD server that works
> correctly when accessed from domain member computer.
> However when I access it from (fully updated) Windows XP
> computer that is not a member of a domain I get a prompt in
> IE8, I fill the prompt but have to acknowledge it 3 time in
> a row until I am granted access. Wireshark shows that IE8
> successfully goes through AS-REQ/AS-REP TGS-REQ/TGS-REP on
> each prompt acknowledgement. It sends same ticket (according
> to version number) along with GET request but is let through
> only on 3rd attempt.
> 
> Chrome behaves a bit differently, it goes through
> AS-REQ/AS-REP TGS-REQ/TGS-REP only once, but only upon
> hitting refresh 3rd time (on 3rd GET) it gets through (as
> with IE, it does send ticket on first 2 GETs too).
> 
> Firefox does't even get to try it, it as other browsers
> tries NTLM on startup but gives up upon failure and doesn't
> switch to Kerberos, however it works fine when user is
> logged in with domain credentials.
> 
> I have similar working test setup on Fedora 10, with 3.0.22
> Squid and there is no such behavior noticed, so it cant be
> the clients fault. (same config setting both for Kerberos
> and Squid, same AD). It actually runs on my desktop machine
> while Gentoo one is VM on VmWare Infrastructure. Both
> machines are similar specs, VM one being even faster (3ghz
> XEON with 2GB RAM).
> I am puzzled as to what might be reason for this behavior,
> any help would be more than welcome?
> 
> Cira
> 
> 
>       
> 
>
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux