Well, looking wireshark carefully, i have identified some behaviours:
1- Firefox sends a GET with Kerberos auth;
2- Squid server reply with "HTTP/1.0 407 Proxy Authentication Required
(text/html)";
3- Firefox sends a new request, but with basic auth;
4- Squid server reply with "HTTP/1.0 407 Proxy Authentication Required
(text/html)" again;
5- Firefox sends a new request, but with Kerberos auth again;
6- Squid server reply with "HTTP/1.0 407 Proxy Authentication Required
(text/html)" again;
7- Firefox sends a new request, but with basic auth, again;
8- Squid server say OK, and the odyssey ands.
Comparing with IE, Kerberos auth process is the same, seems that firefox
requests do not arrive at the server squid.
Regards,
Allan Carvalho
Em 24/10/2013 19:02, Markus Moeller escreveu:
Hi Allan,
Can you take a capture of the traffic from your client to squid with
wireshark ? Look at port 3128 (squid proxy port) traffic and in the
details you can see the negotiate exchange. Can you compare what you
see with IE and firefox ? Wireshark allows you to expand into the
Negotiate details where you should see some unencrypted details (e.g.
HTTP/squidsrv.example.com)
They should look the same for IE and Firefox.
Regards
Markus