[squid-users] AD / Kerberos Issues

Markus Moeller huaraz at moeller.plus.com
Fri Nov 25 19:15:53 UTC 2016

Hi Rick,

   The log  indicates that your Browser sned a NTLM token not a Kerberors 
token. This can be easily seen from the first characters of the token 
(TlRM).  Check the Kerberos communication on the client ( i.e. port 88). The 
client should request a token for HTTP/<proxy-fqdn> and receive it.  If not 
then your name or config does not match up.


"Rick"  wrote in message news:20161125110932.760cfeda at chavez...

FreeBSD 10.3 / Samba42 / Squid 3.5

All the net ads / kinit / keytab stuff seems okay however hitting Squid
from a Windows box using IE 11 results in repeated prompts for
credentials which then fails after 3 attempts.

Cache.log has:

negotiate_kerberos_auth.cc(610): pid=42160 :2016/11/25 10:51:37|
negotiate_kerberos_auth: DEBUG: Got 'YR
(length: 59). negotiate_kerberos_auth.cc(663): pid=42160 :2016/11/25
10:51:37| negotiate_kerberos_auth: DEBUG: Decode
length: 40).

I have seen others post similar errors, but I have not seen any

current relevent squid config entry:

auth_param negotiate
program /usr/local/libexec/squid/negotiate_kerberos_auth -d -s

Any help greatly appreciated.
squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list