<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>Hi Olivier,</DIV>
<DIV> </DIV>
<DIV>Which Kerberos version do you use ? MIT or Heimdal ? </DIV>
<DIV> </DIV>
<DIV>Markus</DIV>
<DIV> </DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV>"Olivier CALVANO" <o.calvano@gmail.com> wrote in message
news:CAJajPefqOygT5zsYW7fWszwRTTxN-r1Pd-U73XDfoNax9dLHkA@mail.gmail.com...</DIV></DIV></DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV dir=ltr>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>Hi<BR><BR></DIV>i test a authentification AD with Kerberos/Ntlm<BR><BR>###
negotiate kerberos and ntlm authentication<BR>auth_param negotiate program
/usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth
-d -s GSS_C_NO_NAME<BR>auth_param negotiate children 160 startup=5
idle=1<BR>auth_param negotiate keep_alive on<BR><BR>## Module d'authentification
NTLM<BR>auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp<BR>auth_param ntlm children 160 startup=5
idle=1<BR>auth_param ntlm keep_alive on<BR><BR>## Si echec du NTLM proposer la
fenetre d'authentification<BR>auth_param basic program /usr/bin/ntlm_auth
--diagnostics --helper-protocol=squid-2.5-basic<BR>auth_param basic children 40
startup=5 idle=1<BR>auth_param basic realm Company proxy-caching web
server<BR>auth_param basic credentialsttl 2 hours<BR><BR><BR></DIV>i have a lot
of user that works, but for other user, squid request Login/pass in
loop.<BR><BR></DIV>In cache.log i have:<BR><BR>2015/11/02 17:37:57|
squid_kerb_auth: gss_accept_sec_context() failed: An unsupported mechanism was
requested. Unknown error<BR>2015/11/02 17:37:57 kid1| ERROR: Negotiate
Authentication validating user. Error returned 'BH gss_accept_sec_context()
failed: An unsupported mechanism was requested. Unknown error'<BR>GENSEC login
failed: NT_STATUS_LOGON_FAILURE<BR>2015/11/02 17:37:58| squid_kerb_auth: Got 'YR
YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABD2TDMmE65PuY40xQyAIQkc4CPX0n9fiYI+rHtnnNWVARKVDNO+QYYUNvc7LgBDuwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
from squid (length: 219).<BR>2015/11/02 17:37:58| squid_kerb_auth: Decode
'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABD2TDMmE65PuY40xQyAIQkc4CPX0n9fiYI+rHtnnNWVARKVDNO+QYYUNvc7LgBDuwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
(decoded length: 161).<BR>2015/11/02 17:37:58| squid_kerb_auth:
gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown
error<BR>2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating
user. Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'<BR>2015/11/02 17:37:58| squid_kerb_auth:
Got 'YR
YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABH2TDMmE65PuY40xQyAIQlCKZmWETDY7iZgTnIeQF9VidD8h6SKLzwap1w7iI5lcwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
from squid (length: 219).<BR>2015/11/02 17:37:58| squid_kerb_auth: Decode
'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABH2TDMmE65PuY40xQyAIQlCKZmWETDY7iZgTnIeQF9VidD8h6SKLzwap1w7iI5lcwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
(decoded length: 161).<BR>2015/11/02 17:37:58| squid_kerb_auth:
gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown
error<BR>2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating
user. Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'<BR>2015/11/02 17:37:58| squid_kerb_auth:
Got 'YR
YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABL2TDMmE65PuY40xQyAIQlOCybIQKGs/hmFlEu3FzYMQIag5ivNn4JcpRWBrJ5vMwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
from squid (length: 219).<BR>2015/11/02 17:37:58| squid_kerb_auth: Decode
'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABL2TDMmE65PuY40xQyAIQlOCybIQKGs/hmFlEu3FzYMQIag5ivNn4JcpRWBrJ5vMwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo='
(decoded length: 161).<BR>2015/11/02 17:37:58| squid_kerb_auth:
gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown
error<BR>2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating
user. Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. Unknown error'<BR>GENSEC login failed:
NT_STATUS_LOGON_FAILURE<BR>GENSEC login failed:
NT_STATUS_LOGON_FAILURE<BR><BR><BR><BR><BR></DIV>anyone know this problems
?<BR><BR></DIV>regards<BR></DIV>Olivier<BR><BR>
<DIV>
<DIV>
<DIV> </DIV></DIV></DIV></DIV>
<P>
<HR>
_______________________________________________<BR>squid-users mailing
list<BR>squid-users@lists.squid-cache.org<BR>http://lists.squid-cache.org/listinfo/squid-users<BR></DIV></DIV></DIV></DIV></BODY></HTML>