[squid-users] NTLM Auth fails while using DNS instead of IP address

schinken schinken at hackerspace-bamberg.de
Mon Nov 10 16:09:41 UTC 2014


Hi again,

just for documentation: I figured out what the problem was. According to
the previously mentioned configuration example [1] one can use these
encryption modes inside /etc/krb5.conf:

> ; for Windows 2003
>
> default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md
> default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md
> permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

or

> ; for Windows 2008 with AES
>
> default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
> default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
> permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5


Actually, if you use the old method (without aes and --enctypes 28), you
only can use the IP adress for your squid server instead of a DNS name.

Btw: One shouldn't use the old method if it's not needed - at least for
security reasons.

[1]
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory

Best,
Schinken

---
Backspace e.V.
http://hackerspace-bamberg.de

mail: schinken at hackerspace-bamberg.de
xmpp: schinken at tai-wahn.de (otr)
GPG: FFB7 E40D B2DD D24C C9B7 B5C5 703C F8B8 882C 871E

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141110/614f2ebe/attachment.sig>


More information about the squid-users mailing list