Markus Moeller wrote: > > What does the squid log say when you use -d for the authentication > helper ? I have uploaded the cache.log here: ftp://ftp.sibptus.ru/pub/vas/1.zip There seems to be a message size limit in this list, so I cannot attach it. The helper error message is along the lines of the dreaded negotiate_kerberos_auth.cc(180): pid=40787 :2016/03/05 10:31:25| negotiate_kerberos_auth: ERROR: gss_accept_sec_context() failed: Miscellaneous failure (see text). unknown mech-code 0 for mech unknown 2016/03/05 10:31:25 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Miscellaneous failure (see text). unknown mech-code 0 for mech unknown; }} > > Can you provide a wireshark capture from the client ? I have also uploaded the capture to ftp://ftp.sibptus.ru/pub/vas/1.zip > I guess that 2008 is using AES not RC4. I am pretty sure the client is using arcfour-hmac-md5, but all right. This time I have given to squid the whole keytab as is (as received from the Windows admin). It contains: squid.keytab: Vno Type Principal 1 des-cbc-crc HTTP/proxy2.sibptus.ru@xxxxxxxxxxx 1 des-cbc-md5 HTTP/proxy2.sibptus.ru@xxxxxxxxxxx 1 arcfour-hmac-md5 HTTP/proxy2.sibptus.ru@xxxxxxxxxxx 1 aes256-cts-hmac-sha1-96 HTTP/proxy2.sibptus.ru@xxxxxxxxxxx 1 aes128-cts-hmac-sha1-96 HTTP/proxy2.sibptus.ru@xxxxxxxxxxx -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@xxxxxxxxxxxxxxxx _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
