On 2014-02-03 12:06, Markus Moeller wrote:
Hi,
I am testing authenticating a XP machine with Kerberos, but the
client tries Negotiate/NTLM first after which squid does not accept
the change to Negotiate/Kerberos anymore.
If you look at the wireshark log you authentication attempts at
20:44:20 for Negotiate/NTLM and at 22:44:30 the client changed to
Negotiate/Kerberos, but the cache.log file does not get any request
after the 20:44:20 NTLM request. I can only see the deny entries in
the access.log.
I use squid 3.4.1 from the repository from 24 Dec 2013.
Is this an expected behavious ?
Depends. Is this renegotiation being done on the same connection as NTLM
was begun? (sorry cant view the packet trace right now).
Do you get the same results with 3.4.3?
It could be related to the helper decoding or external ACL loops bugs
fixed in 3.4.2 and 3.4.3.
Amos