Hi Allan,
Can you take a capture of the traffic from your client to squid with
wireshark ? Look at port 3128 (squid proxy port) traffic and in the details
you can see the negotiate exchange. Can you compare what you see with IE
and firefox ? Wireshark allows you to expand into the Negotiate details
where you should see some unencrypted details (e.g.
HTTP/squidsrv.example.com)
They should look the same for IE and Firefox.
Regards
Markus
"Allan Carvalho" wrote in message
news:BLU0-SMTP349E40D744D0531E56CD944D10C0@xxxxxxx...
- Squid 3.1.20-2.2
- Debian 7.2
- Windows Server 2012
- Windows 7 64bits (client)
- Mozilla Firefox 24 32 bits
In this environment,authentication is donevia
Kerberos,withkeypadgenerated byktpass.
My keypad:
root@japura:/etc/squid3# klist -ekt squid.keytab
Keytab name: FILE:squid.keytab
KVNO Timestamp Principal
---- -------------------
------------------------------------------------------
3 31-12-1969 21:00:00 HTTP/squidsrv.example.com@xxxxxxxxxxx
(des-cbc-crc)
3 31-12-1969 21:00:00
HTTP/squidsrv.example.com@xxxxxxxxxxx (des-cbc-md5)
3 31-12-1969 21:00:00
HTTP/squidsrv.example.com@xxxxxxxxxxx (arcfour-hmac)
3 31-12-1969 21:00:00
HTTP/squidsrv.example.com@xxxxxxxxxxx (aes256-cts-hmac-sha1-96)
3 31-12-1969 21:00:00
HTTP/squidsrv.example.com@xxxxxxxxxxx (aes128-cts-hmac-sha1-96)
AuthenticationIEandChromegoes smoothly, not in Firefox, in cache.log i have:
authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. '
I tried to fill network.negotiate-auth.trusted-uris with example.com (my
domain) in about:config but without success.
I tried to generate the keytab with msktutil, no success.
Could someone please help me? It's a Windows 7 bug, a Mozilla Firefox
bug or a wrong keytab?
Would be grateful to receive a light.
Best Regards,
Allan Carvalho