Search squid archive

Re: AD / Kerberos Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Rick,

The log indicates that your Browser sned a NTLM token not a Kerberors token. This can be easily seen from the first characters of the token (TlRM). Check the Kerberos communication on the client ( i.e. port 88). The client should request a token for HTTP/<proxy-fqdn> and receive it. If not then your name or config does not match up.

Markus


"Rick"  wrote in message news:20161125110932.760cfeda@chavez...

FreeBSD 10.3 / Samba42 / Squid 3.5

All the net ads / kinit / keytab stuff seems okay however hitting Squid
from a Windows box using IE 11 results in repeated prompts for
credentials which then fails after 3 attempts.

Cache.log has:

negotiate_kerberos_auth.cc(610): pid=42160 :2016/11/25 10:51:37|
negotiate_kerberos_auth: DEBUG: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid
(length: 59). negotiate_kerberos_auth.cc(663): pid=42160 :2016/11/25
10:51:37| negotiate_kerberos_auth: DEBUG: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded
length: 40).

I have seen others post similar errors, but I have not seen any
solutions.

current relevent squid config entry:

auth_param negotiate
program /usr/local/libexec/squid/negotiate_kerberos_auth -d -s
GSS_C_NO_NAME

Any help greatly appreciated.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux