[squid-users] Kerberos Authentication Failing for Windows 7+with BH gss_accept_sec_context() failed
Victor Sudakov
sudakov at sibptus.tomsk.ru
Thu Nov 6 15:50:11 UTC 2014
Victor Sudakov wrote:
>
> However, I am eager to know what could be causing such weird tickets
> to be issued, but I think only a Windows expert can tell. After all,
> the key in the tickets is correct, only the principal name is changed.
> I only suspect that the name is changed when the client sets the
> Canonicalize option in the request, and not all clients do that.
>
> <rant>I have not been able to find such an expert, most Windows admins I
> know are GUI mouse boys without thorough understanding of Windows
> internals.</rant>
I have found a Windows expert who suggested editing the registry:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\DOMAIN]
"RealmFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\domain.example]
"RealmFlags"=dword:00000000
The link to Windows docs where "RealmFlags" is mentioned:
http://msdn.microsoft.com/en-us/library/cc233855.aspx
I have updated the Russian Howto accordingly
https://bitbucket.org/victor_sudakov/faq/src/tip/FAQ/squid_kerberos.txt
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the squid-users
mailing list