Looking at the capture it seems the client (Firefox) does not react on the
Negotiate response. I think you need to use *.vialactea.corp to fix this.
Regards
Markus
"spiderslack" <spiderslack@xxxxxxxxxxxx> wrote in message
news:4DE41183.6080902@xxxxxxxxxxxxxxx
Hi,
For the log can not see any connection against the Active Directory on
port 88 (kerberos, right). Attached is the. pcap. I did the
configuration of firefox as below
firefox set variables as follows:
network.negotiate-auth.delegation-uris=vialactea.corp
network.negotiate-auth.trusted-uris= vialactea.corp
where vialactea.corp is the domain of the Active Directory. I tried in
IE but he keeps asking for login and password infinitely
Regards
On 05/29/2011 09:39 AM, Markus Moeller wrote:
Hi,
The squid log file says that the client could not use Kerberos and
fell back to NTLM.
Can you capture the traffic from the client to the proxy and to your
Kerberos servers (e.g. active directory) with wireshark and send me
the cap file (if not too big) ?
Markus