[squid-users] NTLM Auth fails while using DNS instead of IP address

schinken schinken at hackerspace-bamberg.de
Mon Nov 10 15:13:54 UTC 2014


Hi,

I recently configured a Squid 3.3.8 on an Ubuntu 14.04 trusty host using
NTLM/Kerberos auth. My configuration is mostly based on a config example
on squid-cache.org [1].

It took me a day to figure out why the following messages appeared in my
/var/log/squid3/cache.log:

> 2014/11/10 06:32:16| negotiate_kerberos_auth: ERROR: gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information.
> 2014/11/10 06:32:16| ERROR: Negotiate Authentication validating user. Error returned 'BH gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information.'
> 2014/11/10 06:32:16| negotiate_wrapper: Return 'BH gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information.'


After debugging and running each command separately I discovered that the
problem lies within the client proxy settings.

If I use the IP address instead of the hostname of the squid server, the
authentication works fine.

What could that possibly be? The error message is kind of "unhelpful".

[1]
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory

Thanks for help in advance,
Schinken

---
Backspace e.V.
http://hackerspace-bamberg.de

mail: schinken at hackerspace-bamberg.de
xmpp: schinken at tai-wahn.de (otr)
GPG: FFB7 E40D B2DD D24C C9B7 B5C5 703C F8B8 882C 871E

