<html><head>
<meta name="Generator" content="Novell Groupwise Client (Version 14.0.2 Build: 120664)">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"></head>
<body style="font: 10pt/normal Segoe UI; font-size-adjust: none; font-stretch: normal;"><div class="GroupWiseMessageBody" id="GroupWiseSection_1449837284000_RBackes@bond.de_05B2296003020000B8292B00C900EF00_"><div>Is there no one who could help me ?<br></div>
<div class="GroupWiseMessageBody" id="GroupWiseSection_1449083516000_RBackes@bond.de_05B2296003020000B8292B00C900EF00_"><span class="GroupwiseReplyHeader">>>> "Rainer Backes" &lt;RBackes@bond.de&gt; 02.12.2015 20:12 >>><br></span><div>Hi,</div><div><br></div><div>I'm trying to build a Squid-Proxy that integrates with an Active Directory - and I think I'm only one step from succeeding, but I still get one error from negotiate_kerberos_auth.</div><div><br></div><div>Here is my config: (everything is hosted inside my VMware Workstation) - Passwords here are only experimental.</div><div><br></div><div>Basic Installation</div><div><br></div><div>- Windows Server 2012R2 with default Active Directory, only one User: me</div><div>- Windows 8.1/64 with IE and Firefox</div><div>- SLES 11 SP 4 as the Proxy</div><div><br></div><div>Squid Version: First I used the DBA Package available from OpenSuse Build Service, this is 3.5.11. Then I downloaded the newest stable source 3.5.12 and compiled it by myself (with configure options --prefix=/usr/local/squid --with-included-ltdl ), OpenLdap and Kerberos devel packages also installed from SLES11SP4 SDK. Error is the same on both versions.</div><div><br></div><div>Preparation on Windows side: </div><div><br></div><div>- Created user bsquid for the proxy, added SPN.</div><div>- with ktpass -princ <a href="mailto:HTTP/bsquid.bond.local@BOND.LOCAL">HTTP/bsquid.bond.local@BOND.LOCAL</a> -pass Sq1dcache -mapuser bsquid -pType KRB5_NT_PRINCIPAL -crypto All -out bsquid.keytab</div><div>I built a keytab file that includes ALL available Crypto algorithms (After I found out that 2012 uses AES256.... on default). 
Result from command:</div><div>Targeting domain controller: W2K12-Squid.bond.local<br>Using legacy password setting method<br>Successfully mapped HTTP/bsquid.bond.local to bsquid.<br>Key created.<br>Key created.<br>Key created.<br>Key created.<br>Key created.<br>Output keytab to bsquid.keytab:<br>Keytab version: 0x502<br>keysize 60 <a href="mailto:HTTP/bsquid.bond.local@BOND.LOCAL">HTTP/bsquid.bond.local@BOND.LOCAL</a> ptype 1 (KRB5_NT_PRINCIPAL) vno 10 etype 0x1 (DES-CBC-CRC) keylength 8 (0x0<br>7cbdf6d7c8f0b75)<br>keysize 60 <a href="mailto:HTTP/bsquid.bond.local@BOND.LOCAL">HTTP/bsquid.bond.local@BOND.LOCAL</a> ptype 1 (KRB5_NT_PRINCIPAL) vno 10 etype 0x3 (DES-CBC-MD5) keylength 8 (0x0<br>7cbdf6d7c8f0b75)<br>keysize 68 <a href="mailto:HTTP/bsquid.bond.local@BOND.LOCAL">HTTP/bsquid.bond.local@BOND.LOCAL</a> ptype 1 (KRB5_NT_PRINCIPAL) vno 10 etype 0x17 (RC4-HMAC) keylength 16 (0xdc<br>2fdd6643b8e3e18184d38b989b6f87)<br>keysize 84 <a href="mailto:HTTP/bsquid.bond.local@BOND.LOCAL">HTTP/bsquid.bond.local@BOND.LOCAL</a> ptype 1 (KRB5_NT_PRINCIPAL) vno 10 etype 0x12 (AES256-SHA1) keylength 32 (0<br>x3cfb4221e4f8ce0c8ce6a2a4b231872b1fe979c013ee965be8469bac4fd0e9ec)<br>keysize 68 <a href="mailto:HTTP/bsquid.bond.local@BOND.LOCAL">HTTP/bsquid.bond.local@BOND.LOCAL</a> ptype 1 (KRB5_NT_PRINCIPAL) vno 10 etype 0x11 (AES128-SHA1) keylength 16 (0<br>xc32c8f7a8a039a7921148d863a5d6f78)<br></div><div><br></div><div>with this keytab a kinit from the SLES box works without errors.</div><div><br></div><div>The negotiate line from squid.conf is as follows:</div><div>auth_param negotiate program /usr/local/squid/libexec/negotiate_kerberos_auth -d -s HTTP/bsquid.bond.local </div><div><br></div><div>I also tried to add the Kerberos realm - that did not make any difference.</div><div><br></div><div>My krb5.conf:</div><div><br></div><div>[libdefaults]<br> ticket_lifetime = 24000<br> default_realm = BOND.LOCAL<br> default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc 
des-cbc-md5<br> default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5<br> permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5</div><div><br></div><div>; default_tkt_enctypes = rc4-hmac arcfour-hmac-md5 des-cbc-crc des-cbc-md5<br>; default_tgs_enctypes = rc4-hmac arcfour-hmac-md5 des-cbc-crc des-cbc-md5</div><div><br></div><div>[domain_realm]<br> .bond.local = BOND.LOCAL<br> bond.local = BOND.LOCAL</div><div><br></div><div>[realms]<br> BOND.LOCAL = {<br> kdc = w2k12-squid.bond.local<br> admin_server = w2k12-squid.bond.local<br> default_domain = bond.local<br> }</div><div><br></div><div>[logging]<br> kdc = FILE:/var/log/krb5/krb5kdc.log<br> admin_server = FILE:/var/log/krb5/kadmind.log<br> default = FILE:/var/log/krb5/krb5libs.log<br>; default = SYSLOG:NOTICE:DAEMON</div><div><br></div><div><br></div><div>Set the environment variable for the keytab and started squid -N inside a GUI window:</div><div>bsquid:/usr/local/squid/sbin # export KRB5_KTNAME=/usr/local/squid/etc/bsquid.keytab<br>bsquid:/usr/local/squid/sbin # ./squid -N</div><div><br></div><div><br></div><div><br></div><div>On the workstation I tried to open a website and got the following error:</div><div><div>negotiate_kerberos_auth.cc(487): pid=122356 :2015/12/02 20:00:41| negotiate_kerberos_auth: INFO: Starting version 3.0.4sq<br>negotiate_kerberos_auth.cc(546): pid=122356 :2015/12/02 20:00:41| negotiate_kerberos_auth: INFO: Setting keytab to /usr/local/squid/etc/bsquid.keytab<br>negotiate_kerberos_auth.cc(610): pid=122356 :2015/12/02 20:00:41| negotiate_kerberos_auth: DEBUG: Got 'YR 
[base64 token removed]' from squid (length: 2155).<br>negotiate_kerberos_auth.cc(663): pid=122356 :2015/12/02 20:00:41| negotiate_kerberos_auth: DEBUG: Decode '[base64 token removed]' (decoded length: 1614).<br>negotiate_kerberos_auth.cc(180): pid=122356 :2015/12/02 20:00:41| negotiate_kerberos_auth: ERROR: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied<br>2015/12/02 20:00:41| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied; }}</div></div><div><br></div><div>In the same GUI window, negotiate_kerberos_auth_test works:</div><div><br></div><div>bsquid:/usr/local/squid/sbin # /usr/local/squid/libexec/negotiate_kerberos_auth_test bsquid.bond.local | awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' | /usr/local/squid/libexec/negotiate_kerberos_auth -d -s HTTP/bsquid.bond.local<br>negotiate_kerberos_auth.cc(487): pid=122362 :2015/12/02 20:04:17| negotiate_kerberos_auth: INFO: Starting version 3.0.4sq<br>negotiate_kerberos_auth.cc(546): pid=122362 :2015/12/02 20:04:17| negotiate_kerberos_auth: INFO: Setting keytab to /usr/local/squid/etc/bsquid.keytab<br>negotiate_kerberos_auth.cc(610): pid=122362 :2015/12/02 20:04:17| negotiate_kerberos_auth: DEBUG: Got 'YR 
[base64 token removed]' from squid (length: 1791).<br>negotiate_kerberos_auth.cc(663): pid=122362 :2015/12/02 20:04:17| negotiate_kerberos_auth: DEBUG: Decode 
'[base64 token removed]' (decoded length: 1341).<br>AF oRQwEqADCgEAoQsGCSqGSIb3EgECAg== <a href="mailto:rbackes@BOND.LOCAL">rbackes@BOND.LOCAL</a><br>negotiate_kerberos_auth.cc(783): pid=122362 :2015/12/02 20:04:17| 
negotiate_kerberos_auth: DEBUG: AF oRQwEqADCgEAoQsGCSqGSIb3EgECAg== <a href="mailto:rbackes@BOND.LOCAL">rbackes@BOND.LOCAL</a><br>negotiate_kerberos_auth.cc(610): pid=122362 :2015/12/02 20:04:17| negotiate_kerberos_auth: DEBUG: Got 'QQ' from squid (length: 2).<br>BH quit command<br>bsquid:/usr/local/squid/sbin # </div><div><br></div><div>The Windows client has some kerberos tickets avail:</div><div>C:\Windows\system32>klist</div><div><br></div><div>Aktuelle Anmelde-ID ist 0:0x37b196</div><div><br></div><div>Zwischengespeicherte Tickets: (4)</div><div><br></div><div>#0> Client: RBackes @ BOND.LOCAL<br> Server: krbtgt/BOND.LOCAL @ BOND.LOCAL<br> KerbTicket (Verschlüsselungstyp): AES-256-CTS-HMAC-SHA1-96<br> Ticketkennzeichen 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize<br> Startzeit: 12/2/2015 18:39:42 (lokal)<br> Endzeit: 12/3/2015 4:39:42 (lokal)<br> Erneuerungszeit: 12/9/2015 18:39:42 (lokal)<br> Sitzungsschlüsseltyp: AES-256-CTS-HMAC-SHA1-96<br> Cachekennzeichen: 0x1 -> PRIMARY<br> KDC aufgerufen: W2K12-SQUID</div><div><br></div><div>#1> Client: RBackes @ BOND.LOCAL<br> Server: HTTP/bsquid.bond.local @ BOND.LOCAL<br> KerbTicket (Verschlüsselungstyp): AES-256-CTS-HMAC-SHA1-96<br> Ticketkennzeichen 0x40a10000 -> forwardable renewable pre_authent name_canonicalize<br> Startzeit: 12/2/2015 18:39:46 (lokal)<br> Endzeit: 12/3/2015 4:39:42 (lokal)<br> Erneuerungszeit: 12/9/2015 18:39:42 (lokal)<br> Sitzungsschlüsseltyp: AES-256-CTS-HMAC-SHA1-96<br> Cachekennzeichen: 0<br> KDC aufgerufen: W2K12-Squid.bond.local</div><div><br></div><div>#2> Client: RBackes @ BOND.LOCAL<br> Server: ldap/W2K12-Squid.bond.local @ BOND.LOCAL<br> KerbTicket (Verschlüsselungstyp): AES-256-CTS-HMAC-SHA1-96<br> Ticketkennzeichen 0x40a50000 -> forwardable renewable pre_authent ok_as_delegate name_canonicalize<br> Startzeit: 12/2/2015 18:39:44 (lokal)<br> Endzeit: 12/3/2015 4:39:42 (lokal)<br> Erneuerungszeit: 12/9/2015 18:39:42 (lokal)<br> Sitzungsschlüsseltyp: 
AES-256-CTS-HMAC-SHA1-96<br> Cachekennzeichen: 0<br> KDC aufgerufen: W2K12-Squid.bond.local</div><div><br></div><div>#3> Client: RBackes @ BOND.LOCAL<br> Server: LDAP/W2K12-Squid.bond.local/bond.local @ BOND.LOCAL<br> KerbTicket (Verschlüsselungstyp): AES-256-CTS-HMAC-SHA1-96<br> Ticketkennzeichen 0x40a50000 -> forwardable renewable pre_authent ok_as_delegate name_canonicalize<br> Startzeit: 12/2/2015 18:39:44 (lokal)<br> Endzeit: 12/3/2015 4:39:42 (lokal)<br> Erneuerungszeit: 12/9/2015 18:39:42 (lokal)<br> Sitzungsschlüsseltyp: AES-256-CTS-HMAC-SHA1-96<br> Cachekennzeichen: 0<br> KDC aufgerufen: W2K12-Squid.bond.local</div><div><br></div><div>C:\Windows\system32></div><div><br></div><div><br></div><div>Anyone an idea ?</div><div><br></div><div>Thanks, Rainer<br></div><div><br></div><div><br></div><div><br></div></div></div></body></html>