[squid-users] Squit with NTLM and Kerberos auth => a error

Mon Nov 2 16:38:40 UTC 2015

Hi

i test a authentification AD with Kerberos/Ntlm

### negotiate kerberos and ntlm authentication
auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
--kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 160 startup=5 idle=1
auth_param negotiate keep_alive on

## Module d'authentification NTLM
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 160 startup=5 idle=1
auth_param ntlm keep_alive on

## Si echec du NTLM proposer la fenetre d'authentification
auth_param basic program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-basic
auth_param basic children 40 startup=5 idle=1
auth_param basic realm Company proxy-caching web server
auth_param basic credentialsttl 2 hours

i have a lot of user that works, but for other user, squid request
Login/pass in loop.

In cache.log i have:

2015/11/02 17:37:57| squid_kerb_auth: gss_accept_sec_context() failed: An
unsupported mechanism was requested. Unknown error
2015/11/02 17:37:57 kid1| ERROR: Negotiate Authentication validating user.
Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'
GENSEC login failed: NT_STATUS_LOGON_FAILURE
2015/11/02 17:37:58| squid_kerb_auth: Got 'YR
YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABD2TDMmE65PuY40xQyAIQkc4CPX0n9fiYI+rHtnnNWVARKVDNO+QYYUNvc7LgBDuwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
from squid (length: 219).
2015/11/02 17:37:58| squid_kerb_auth: Decode
'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABD2TDMmE65PuY40xQyAIQkc4CPX0n9fiYI+rHtnnNWVARKVDNO+QYYUNvc7LgBDuwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
(decoded length: 161).
2015/11/02 17:37:58| squid_kerb_auth: gss_accept_sec_context() failed: An
unsupported mechanism was requested. Unknown error
2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating user.
Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'
2015/11/02 17:37:58| squid_kerb_auth: Got 'YR
YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABH2TDMmE65PuY40xQyAIQlCKZmWETDY7iZgTnIeQF9VidD8h6SKLzwap1w7iI5lcwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
from squid (length: 219).
2015/11/02 17:37:58| squid_kerb_auth: Decode
'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABH2TDMmE65PuY40xQyAIQlCKZmWETDY7iZgTnIeQF9VidD8h6SKLzwap1w7iI5lcwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
(decoded length: 161).
2015/11/02 17:37:58| squid_kerb_auth: gss_accept_sec_context() failed: An
unsupported mechanism was requested. Unknown error
2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating user.
Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'
2015/11/02 17:37:58| squid_kerb_auth: Got 'YR
YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABL2TDMmE65PuY40xQyAIQlOCybIQKGs/hmFlEu3FzYMQIag5ivNn4JcpRWBrJ5vMwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
from squid (length: 219).
2015/11/02 17:37:58| squid_kerb_auth: Decode
'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABL2TDMmE65PuY40xQyAIQlOCybIQKGs/hmFlEu3FzYMQIag5ivNn4JcpRWBrJ5vMwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
(decoded length: 161).
2015/11/02 17:37:58| squid_kerb_auth: gss_accept_sec_context() failed: An
unsupported mechanism was requested. Unknown error
2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating user.
Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'
GENSEC login failed: NT_STATUS_LOGON_FAILURE
GENSEC login failed: NT_STATUS_LOGON_FAILURE

anyone know this problems ?

regards
Olivier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151102/f9153a87/attachment.html>