Nick Cairncross wrote:
>
> What's your AD 2008 or
> 2003?
>

AD Servers are 2008R2 in 2003 mode

Nick Cairncross wrote:
>
> Did you use msktutil to create your keytab or ktpass? I found a few issues
> with ktpass. Are you authenticating against the same computer as the squid
> server or a dummy account?
>

I'm using msktutil for keytab generation, and it creates a computer account in AD with the same hostname as the squid proxy server. I'm generating the keytab with the -enctypes 28 flag (as I understand it, that's for WinServer 2008), therefore I have AES128 and AES256 records in the keytab. When I tried to use DES, my AD didn't understand the kinit requests.

Here's my setup:

8 10/21/10 13:58:07 HTTP/vmproxy.fqdn@FQDN (ArcFour with HMAC/md5)
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn@FQDN (AES-128 CTS mode with 96-bit SHA-1 HMAC)
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn@FQDN (AES-256 CTS mode with 96-bit SHA-1 HMAC)

krb5.conf

default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac

Regards,
Dmitry Gorbunov
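Added example, not part of the original message: a Python check that decodes the enctypes value 28 into its bit flags and compares the result with the keytab listing and the permitted_enctypes line quoted above. The function names and the bit-to-name table are this example's own; the listing and krb5.conf text are copied from the message, and the enctype descriptions are matched exactly as that listing prints them (other Kerberos versions print different names).

```python
import re

# Bit values of the enctypes mask (AD msDS-SupportedEncryptionTypes).
ENCTYPE_BITS = {
    0x01: "des-cbc-crc",
    0x02: "des-cbc-md5",
    0x04: "rc4-hmac",
    0x08: "aes128-cts-hmac-sha1-96",
    0x10: "aes256-cts-hmac-sha1-96",
}
# Descriptions as printed in the keytab listing from the message.
KLIST_NAMES = {
    "ArcFour with HMAC/md5": "rc4-hmac",
    "AES-128 CTS mode with 96-bit SHA-1 HMAC": "aes128-cts-hmac-sha1-96",
    "AES-256 CTS mode with 96-bit SHA-1 HMAC": "aes256-cts-hmac-sha1-96",
}
KEYTAB_LISTING = """\
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn@FQDN (ArcFour with HMAC/md5)
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn@FQDN (AES-128 CTS mode with 96-bit SHA-1 HMAC)
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn@FQDN (AES-256 CTS mode with 96-bit SHA-1 HMAC)
"""
KRB5_CONF = "permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac\n"

def decode_mask(mask):
    """Return the enctype names whose bits are set in the mask."""
    return {name for bit, name in ENCTYPE_BITS.items() if mask & bit}

def keytab_enctypes(listing):
    """Collect enctypes from the parenthesised description on each line."""
    found = set()
    for line in listing.splitlines():
        m = re.search(r"\((.+)\)\s*$", line)
        if m and m.group(1) in KLIST_NAMES:
            found.add(KLIST_NAMES[m.group(1)])
    return found

def krb5_enctypes(conf, key):
    """Return the enctype list configured for one krb5.conf setting."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(.+)$", conf, re.M)
    return set(m.group(1).split()) if m else set()

def audit(mask, listing, conf):
    wanted, have = decode_mask(mask), keytab_enctypes(listing)
    permitted = krb5_enctypes(conf, "permitted_enctypes")
    return {
        "missing_from_keytab": sorted(wanted - have),
        "keytab_not_permitted": sorted(have - permitted),
        "permitted_without_key": sorted(permitted - have),
    }

if __name__ == "__main__":
    print(audit(28, KEYTAB_LISTING, KRB5_CONF))
```

With the values from the message, the keytab matches mask 28 exactly, and the only difference is that the AES128 key is in the keytab while permitted_enctypes does not list aes128-cts-hmac-sha1-96.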