[squid-users] Ubuntu server 14.04 - Squid 3.3.8 - Active directory sync problem !
Amos Jeffries
squid3 at treenet.co.nz
Sat Oct 18 00:07:09 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 18/10/2014 8:38 a.m., Yassin CHOUCHANE wrote:
> Hello all, I have installed an ubuntu 14.04 x64 with squid v3.3.8,
> and i need to make sso with Windows microsoft active directory 2008
> server r2.
>
<snip>
> /var/log/squid/cache.log
>
> 2014/10/13 19:15:52| ERROR: Negotiate Authentication validating
> user. Error returned 'BH received type 1 NTLM token'
> negotiate_kerberos_auth.cc(315): pid=3418 :2014/10/13 19:15:52|
> negotiate_kerberos_auth: DEBUG: Got 'YR
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from
> squid (length: 59). negotiate_kerberos_auth.cc(378): pid=3418
> :2014/10/13 19:15:52| negotiate_kerberos_auth: DEBUG: Decode
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded
> length: 40). negotiate_kerberos_auth.cc(388): pid=3418 :2014/10/13
> 19:15:52| negotiate_kerberos_auth: WARNING: received type 1 NTLM
> token 2014/10/13 19:15:52| ERROR: Negotiate Authentication
> validating user. Error returned 'BH received type 1 NTLM token'
>
> can someone can help me to fix this problem please
As logged this is NTLM, not Kerberos.
Negotiate is a wrapper protocol around two "flavours" Negotiate/NTLM
and Negotiate/Kerberos. The client software has picked the wrong one
to use.
That usually means the problem is in the client software, in
particular how it is locating (or not) the keytab.
Some info about the client would be useful. In particular; what
software is it? what OS is it running on? does it try Kerberos or any
other login before that failed NTLM one?
NP: you could try the negotiate_wrapper helper to setup both Kerberos
and NTLM. But the best option is to get Kerberos working before going
there.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUQa8tAAoJELJo5wb/XPRjtNwH/j7mlsugEc/mhsu8Xd031VBH
WOXzci+43dBbA5eJsJVIPQWHUT0KsyT6GyOzG2BW9EoGV5ONOcaWvMGI6DGEcFhy
V+1XZTW1zlWCL8NgPbduPxK/E+AhTWiZrFqOowjRHi4SsJfRFF6bnCvbB6zagJPM
haNsB0rt2GhieECUAOqIn0eZF4a25kuuld7r3FuNmHl4XDHy/AqFN7XNtBB0t1JN
VpMPs7tKMIkEwkZ8YAzWcPrn8mEBHVlMFtS1h4G4o/gKB5MF3WWGmlFyggw9phEs
zggGCkABnPW2nKyND0LB++cBvuaFsUcKtNpbNI2Y2Lyuuhl9YOgn5Z1Nu/G4zog=
=QkfN
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list