Re: Re: Fighting with kerberos: WARNING: received type 1 NTLM token

["Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>]

I  mean somethiong like this (opensuse12.suse.home is my squid proxy server)


> kinit -S HTTP/opensuse12.suse.home
Password for markus@xxxxxxxxx:
> klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus@xxxxxxxxx

Valid starting     Expires            Service principal
01/03/13 21:51:39  01/04/13 07:51:39  HTTP/opensuse12.suse.home@xxxxxxxxx
       renew until 01/04/13 21:51:37

Regards
Markus

"David Touzeau" <david@xxxxxxxxxxxxxx> wrote in message 
news:AED8E97D193449D9919C82D7438F10B3@xxxxxxxxxxxxxxxx...
> Hi Markus
>
> Yes i have a ticket
>
> root@000SL10PROX:~# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrateur@xxxxxxxxxxxxx
>
> Valid starting     Expires            Service principal
> 01/02/13 18:04:05  01/03/13 04:04:06  krbtgt/AFEONLINE.NET@xxxxxxxxxxxxx
>        renew until 01/03/13 18:04:05
>
> Server was connected to Active Directory
>
> Browsers are both Firefox and IE 9
>
>
>
> -----Original Message----- 
> From: Markus Moeller
> Sent: Thursday, January 03, 2013 1:09 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject:  Re: Fighting with kerberos: WARNING: received type 
> 1 NTLM token
>
> Hi David,
>
>  Can you get a ticket for HTTP/<squid-fqdn> ?  Do you use IE or Firefox or
> ?
>
> Markus
>
>
> "David Touzeau" <david@xxxxxxxxxxxxxx> wrote in message
> news:21ACFB9BE8E34C7DBA0FA2F2D0B329BB@xxxxxxxxxxxxxxxx...
> > Dear
> >
> > I have connected the server to the Active Directory, get tickets and so 
> > on.
> > Clients are Windows 8 connected to the domain.
> >
> > in squid.conf:
> > auth_param negotiate program /lib/squid3/negotiate_kerberos_auth -d
> > auth_param negotiate children 10
> > auth_param negotiate keep_alive on
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hour
> > authenticate_ip_ttl 60 seconds
> > authenticate_cache_garbage_interval 10 seconds
> > authenticate_ttl 0 hour
> >
> >
> > When browsing, Squid claim
> >
> > negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:39| 
> > negotiate_kerberos_auth: WARNING: received type 1 NTLM token
> > 2013/01/03 00:10:39 kid1| ERROR: Negotiate Authentication validating 
> > user. Error returned 'BH received type 1 NTLM token'
> > negotiate_kerberos_auth.cc(316): pid=30208 :2013/01/03 00:10:43| 
> > negotiate_kerberos_auth: DEBUG: Got 'YR 
> > TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' from squid 
> > (length: 59).
> > negotiate_kerberos_auth.cc(379): pid=30208 :2013/01/03 00:10:43| 
> > negotiate_kerberos_auth: DEBUG: Decode 
> > 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' (decoded 
> > length: 40).
> > negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:43| 
> > negotiate_kerberos_auth: WARNING: received type 1 NTLM token
> > 2013/01/03 00:10:43 kid1| ERROR: Negotiate Authentication validating 
> > user. Error returned 'BH received type 1 NTLM token'
> > negotiate_kerberos_auth.cc(316): pid=30208 :2013/01/03 00:10:48| 
> > negotiate_kerberos_auth: DEBUG: Got 'YR 
> > TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' from squid 
> > (length: 59).
> > negotiate_kerberos_auth.cc(379): pid=30208 :2013/01/03 00:10:48| 
> > negotiate_kerberos_auth: DEBUG: Decode 
> > 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' (decoded 
> > length: 40).
> > negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:48| 
> > negotiate_kerberos_auth: WARNING: received type 1 NTLM token
> > 2013/01/03 00:10:48 kid1| ERROR: Negotiate Authentication validating 
> > user. Error returned 'BH received type 1 NTLM token'
> >
> > Why, where i’m miss ???
> >
> > best regards...