
<HTML><HEAD></HEAD>

<BODY dir=ltr>

<DIV dir=ltr>

<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">

<DIV>Hi Olivier,</DIV>

<DIV> </DIV>

<DIV>Which Kerberos version do you use ?  MIT or Heimdal ?  </DIV>

<DIV> </DIV>

<DIV>Markus</DIV>

<DIV> </DIV>

<DIV 

style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">

<DIV 

style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">

<DIV>"Olivier CALVANO" <o.calvano@gmail.com> wrote in message 

news:CAJajPefqOygT5zsYW7fWszwRTTxN-r1Pd-U73XDfoNax9dLHkA@mail.gmail.com...</DIV></DIV></DIV>

<DIV 

style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">

<DIV 

style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">

<DIV dir=ltr>

<DIV>

<DIV>

<DIV>

<DIV>

<DIV>

<DIV>Hi<BR><BR></DIV>i test a authentification AD with Kerberos/Ntlm<BR><BR>### 

negotiate kerberos and ntlm authentication<BR>auth_param negotiate program 

/usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics 

--helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/squid_kerb_auth 

-d -s GSS_C_NO_NAME<BR>auth_param negotiate children 160 startup=5 

idle=1<BR>auth_param negotiate keep_alive on<BR><BR>## Module d'authentification 

NTLM<BR>auth_param ntlm program /usr/bin/ntlm_auth --diagnostics 

--helper-protocol=squid-2.5-ntlmssp<BR>auth_param ntlm children 160 startup=5 

idle=1<BR>auth_param ntlm keep_alive on<BR><BR>## Si echec du NTLM proposer la 

fenetre d'authentification<BR>auth_param basic program /usr/bin/ntlm_auth 

--diagnostics --helper-protocol=squid-2.5-basic<BR>auth_param basic children 40 

startup=5 idle=1<BR>auth_param basic realm Company proxy-caching web 

server<BR>auth_param basic credentialsttl 2 hours<BR><BR><BR></DIV>i have a lot 

of user that works, but for other user, squid request Login/pass in 

loop.<BR><BR></DIV>In cache.log i have:<BR><BR>2015/11/02 17:37:57| 

squid_kerb_auth: gss_accept_sec_context() failed: An unsupported mechanism was 

requested. Unknown error<BR>2015/11/02 17:37:57 kid1| ERROR: Negotiate 

Authentication validating user. Error returned 'BH gss_accept_sec_context() 

failed: An unsupported mechanism was requested. Unknown error'<BR>GENSEC login 

failed: NT_STATUS_LOGON_FAILURE<BR>2015/11/02 17:37:58| squid_kerb_auth: Got 'YR 

YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABD2TDMmE65PuY40xQyAIQkc4CPX0n9fiYI+rHtnnNWVARKVDNO+QYYUNvc7LgBDuwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=' 

from squid (length: 219).<BR>2015/11/02 17:37:58| squid_kerb_auth: Decode 

'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABD2TDMmE65PuY40xQyAIQkc4CPX0n9fiYI+rHtnnNWVARKVDNO+QYYUNvc7LgBDuwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=' 

(decoded length: 161).<BR>2015/11/02 17:37:58| squid_kerb_auth: 

gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown 

error<BR>2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating 

user. Error returned 'BH gss_accept_sec_context() failed: An unsupported 

mechanism was requested. Unknown error'<BR>2015/11/02 17:37:58| squid_kerb_auth: 

Got 'YR 

YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABH2TDMmE65PuY40xQyAIQlCKZmWETDY7iZgTnIeQF9VidD8h6SKLzwap1w7iI5lcwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=' 

from squid (length: 219).<BR>2015/11/02 17:37:58| squid_kerb_auth: Decode 

'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABH2TDMmE65PuY40xQyAIQlCKZmWETDY7iZgTnIeQF9VidD8h6SKLzwap1w7iI5lcwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=' 

(decoded length: 161).<BR>2015/11/02 17:37:58| squid_kerb_auth: 

gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown 

error<BR>2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating 

user. Error returned 'BH gss_accept_sec_context() failed: An unsupported 

mechanism was requested. Unknown error'<BR>2015/11/02 17:37:58| squid_kerb_auth: 

Got 'YR 

YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABL2TDMmE65PuY40xQyAIQlOCybIQKGs/hmFlEu3FzYMQIag5ivNn4JcpRWBrJ5vMwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=' 

from squid (length: 219).<BR>2015/11/02 17:37:58| squid_kerb_auth: Decode 

'YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAABL2TDMmE65PuY40xQyAIQlOCybIQKGs/hmFlEu3FzYMQIag5ivNn4JcpRWBrJ5vMwAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=' 

(decoded length: 161).<BR>2015/11/02 17:37:58| squid_kerb_auth: 

gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown 

error<BR>2015/11/02 17:37:58 kid1| ERROR: Negotiate Authentication validating 

user. Error returned 'BH gss_accept_sec_context() failed: An unsupported 

mechanism was requested. Unknown error'<BR>GENSEC login failed: 

NT_STATUS_LOGON_FAILURE<BR>GENSEC login failed: 

NT_STATUS_LOGON_FAILURE<BR><BR><BR><BR><BR></DIV>anyone know this problems 

?<BR><BR></DIV>regards<BR></DIV>Olivier<BR><BR>

<DIV>

<DIV>

<DIV> </DIV></DIV></DIV></DIV>

<P>

<HR>

_______________________________________________<BR>squid-users mailing 

list<BR>squid-users@lists.squid-cache.org<BR>http://lists.squid-cache.org/listinfo/squid-users<BR></DIV></DIV></DIV></DIV></BODY></HTML>