[squid-users] AD / Kerberos Issues
Markus Moeller
huaraz at moeller.plus.com
Fri Nov 25 19:15:53 UTC 2016
Hi Rick,
The log indicates that your Browser sned a NTLM token not a Kerberors
token. This can be easily seen from the first characters of the token
(TlRM). Check the Kerberos communication on the client ( i.e. port 88). The
client should request a token for HTTP/<proxy-fqdn> and receive it. If not
then your name or config does not match up.
Markus
"Rick" wrote in message news:20161125110932.760cfeda at chavez...
FreeBSD 10.3 / Samba42 / Squid 3.5
All the net ads / kinit / keytab stuff seems okay however hitting Squid
from a Windows box using IE 11 results in repeated prompts for
credentials which then fails after 3 attempts.
Cache.log has:
negotiate_kerberos_auth.cc(610): pid=42160 :2016/11/25 10:51:37|
negotiate_kerberos_auth: DEBUG: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid
(length: 59). negotiate_kerberos_auth.cc(663): pid=42160 :2016/11/25
10:51:37| negotiate_kerberos_auth: DEBUG: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded
length: 40).
I have seen others post similar errors, but I have not seen any
solutions.
current relevent squid config entry:
auth_param negotiate
program /usr/local/libexec/squid/negotiate_kerberos_auth -d -s
GSS_C_NO_NAME
Any help greatly appreciated.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list