Search squid archive

Re: Ubuntu server 14.04 - Squid 3.3.8 - Active directory sync problem !

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/10/2014 8:38 a.m., Yassin CHOUCHANE wrote:
> Hello all, I have installed an ubuntu 14.04 x64 with squid v3.3.8,
> and i need to make sso with Windows microsoft active directory 2008
> server r2.
> 
<snip>

> /var/log/squid/cache.log
> 
> 2014/10/13 19:15:52| ERROR: Negotiate Authentication validating
> user. Error returned 'BH received type 1 NTLM token' 
> negotiate_kerberos_auth.cc(315): pid=3418 :2014/10/13 19:15:52| 
> negotiate_kerberos_auth: DEBUG: Got 'YR 
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from
> squid (length: 59). negotiate_kerberos_auth.cc(378): pid=3418
> :2014/10/13 19:15:52| negotiate_kerberos_auth: DEBUG: Decode 
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded
> length: 40). negotiate_kerberos_auth.cc(388): pid=3418 :2014/10/13
> 19:15:52| negotiate_kerberos_auth: WARNING: received type 1 NTLM
> token 2014/10/13 19:15:52| ERROR: Negotiate Authentication
> validating user. Error returned 'BH received type 1 NTLM token'
> 
> can someone can help me to fix this problem please

As logged this is NTLM, not Kerberos.

Negotiate is a wrapper protocol around two "flavours" Negotiate/NTLM
and Negotiate/Kerberos. The client software has picked the wrong one
to use.
That usually means the problem is in the client software, in
particular how it is locating (or not) the keytab.

Some info about the client would be useful. In particular; what
software is it? what OS is it running on? does it try Kerberos or any
other login before that failed NTLM one?

NP: you could try the negotiate_wrapper helper to setup both Kerberos
and NTLM. But the best option is to get Kerberos working before going
there.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUQa8tAAoJELJo5wb/XPRjtNwH/j7mlsugEc/mhsu8Xd031VBH
WOXzci+43dBbA5eJsJVIPQWHUT0KsyT6GyOzG2BW9EoGV5ONOcaWvMGI6DGEcFhy
V+1XZTW1zlWCL8NgPbduPxK/E+AhTWiZrFqOowjRHi4SsJfRFF6bnCvbB6zagJPM
haNsB0rt2GhieECUAOqIn0eZF4a25kuuld7r3FuNmHl4XDHy/AqFN7XNtBB0t1JN
VpMPs7tKMIkEwkZ8YAzWcPrn8mEBHVlMFtS1h4G4o/gKB5MF3WWGmlFyggw9phEs
zggGCkABnPW2nKyND0LB++cBvuaFsUcKtNpbNI2Y2Lyuuhl9YOgn5Z1Nu/G4zog=
=QkfN
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux