On Wed 2011-01-19 at 13:12 +0100, Rafal Zawierta wrote:
> authenticateNegotiateHandleReply: Error validating user via Negotiate.
> Error returned 'BH received type 1 NTLM token'

That means the client selected to use NTLM, not Kerberos.

The squid_kerb_auth helper only supports Kerberos. To support NTLM you also need to configure NTLM authentication support in Squid.

The Negotiate scheme as such on the wire supports any authentication method Windows SPNEGO supports.

I can only guess as to why the client did not select to use Kerberos:

* Did not find the right Kerberos principal in the domain directory.
* Does not trust the requested proxy server for Kerberos authentication.
* Perhaps Kerberos auth failed somehow and it did a fallback on NTLM?

Regards
Henrik
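Added example, not part of the original message and not Squid code: a small Python classifier for the token a client sends in a "Proxy-Authorization: Negotiate ..." header, showing whether it is a bare NTLM message (the case in the logged error) or a GSS-API/SPNEGO token and which mechanisms it offers. The function names and the sample token are constructed for illustration.

```python
import base64
import struct

SPNEGO = bytes.fromhex("2b0601050502")  # OIDs below are DER content bytes
MECHS = {
    bytes.fromhex("2a864886f712010202"): "Kerberos 5",
    bytes.fromhex("2a864882f712010202"): "Kerberos 5 (legacy Microsoft OID)",
    bytes.fromhex("2b06010401823702020a"): "NTLMSSP",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_negotiate(header_value):
    """Return (kind, offered_mechs) for a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        raise ValueError("not a Negotiate header value")
    tok = base64.b64decode(b64, validate=True)
    if tok.startswith(b"NTLMSSP\x00"):  # bare NTLM, no GSS-API framing
        return "raw NTLM type %d" % struct.unpack_from("<I", tok, 8)[0], []
    tag, pos, _ = read_tlv(tok, 0)      # GSS-API InitialContextToken
    if tag != 0x60 or tok[pos] != 0x06:
        return "unknown", []
    _, s, e = read_tlv(tok, pos)        # mechanism OID
    if tok[s:e] != SPNEGO:
        return MECHS.get(tok[s:e], "unknown GSS mechanism"), []
    pos = e  # NegTokenInit: [0] -> SEQUENCE -> [0] mechTypes -> SEQUENCE OF
    for expected in (0xA0, 0x30, 0xA0, 0x30):
        tag, pos, end = read_tlv(tok, pos)
        if tag != expected:
            return "SPNEGO (unparsed)", []
    offered = []
    while pos < end:
        _, s, e = read_tlv(tok, pos)
        offered.append(MECHS.get(tok[s:e], tok[s:e].hex()))
        pos = e
    return "SPNEGO", offered

# Constructed sample: a minimal NTLM type 1 message, as in the logged error.
SAMPLE = "Negotiate " + base64.b64encode(b"NTLMSSP\x00" + struct.pack("<II", 1, 0)).decode()
```

A result of "raw NTLM type 1" corresponds to the helper's 'BH received type 1 NTLM token' reply; a "SPNEGO" result lists the offered mechanisms in the client's order of preference.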