Search squid archive

Help me configure Kerberos Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

 I'm trying to configure Kerberos Authentication for squid. I'm
running Squid 3.1.12 and Windows 2008 R2 SP2. I have followed the
kerberos authentication guide on squid-cache and many other guides, I
always end up with these logs in my cache.log. My client browser keeps
prompting for username/password. Even a valid set of credentials are
not accepted.

 2011/04/30 10:24:32| squid_kerb_auth: WARNING: received type 1 NTLM token
2011/04/30 10:24:32| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'
2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
(length: 59).
2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' (decoded
length: 40).
2011/04/30 10:24:36| squid_kerb_auth: WARNING: received type 1 NTLM token
2011/04/30 10:24:36| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'
2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
(length: 59).
2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' (decoded
length: 40).
2011/04/30 10:24:36| squid_kerb_auth: WARNING: received type 1 NTLM token
2011/04/30 10:24:36| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'


 I want to check and make sure my keytab entries are good. How do I do
that? My client System can list the tickets for client principal.

 Please have a look at my krb5.conf & keytab file here
http://pastebin.com/vTBr3r5D

 I'm using this command to create the keytab file.
msktutil -c -b "CN=COMPUTERS" -s HTTP/proxyserver.orangegroup.com -h
proxyserver.orangegroup.com -k /etc/krb5.keytab --computer-name
proxyserver-http --upn HTTP/proxyserver.orangegroup.com --server
ad01.orangegroup.com --verbose

 All the domains are resolving properly to IPs.

 Thanks for your help.


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux