On 30/04/11 20:13, Go Wow wrote:
When I run msktutil I get this line in the output.
krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
I did kinit before issuing msktutil and it ran successfully. I can see
tickets when I issue klist.
Tickets, klist and keytabs do not matter in this case Kerberos is not
involved.
On 30 April 2011 10:43, Go Wow wrote:
Hi,
I'm trying to configure Kerberos Authentication for squid. I'm
running Squid 3.1.12 and Windows 2008 R2 SP2. I have followed the
kerberos authentication guide on squid-cache and many other guides, I
always end up with these logs in my cache.log. My client browser keeps
prompting for username/password. Even a valid set of credentials are
not accepted.
2011/04/30 10:24:32| squid_kerb_auth: WARNING: received type 1 NTLM token
2011/04/30 10:24:32| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'
"type 1 NTLM" aka NTLM authentication protocol.
The Kerberos helpers for Squid only validate type 3 (Kerberos).
Markus has developed a negotiate_wrapper helepr which can split the
Negotiate auth protocol into Negotiate/Kerberos and Negotiate/NTLM
validation. That may be of some help, though there are bugs in the Squid
end which prevent is working sometimes.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
