[squid-users] NTLM Auth fails while using DNS instead of IP address
schinken
schinken at hackerspace-bamberg.de
Mon Nov 10 16:09:41 UTC 2014
Hi again,
just for documentation: I figured out what the problem was. According to
the previously mentioned configuration example [1] one can use these
encryption modes inside /etc/krb5.conf:
> ; for Windows 2003
>
> default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md
> default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md
> permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
or
> ; for Windows 2008 with AES
>
> default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
> default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
> permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
Actually, if you use the old method (without aes and --enctypes 28), you
only can use the IP adress for your squid server instead of a DNS name.
Btw: One shouldn't use the old method if it's not needed - at least for
security reasons.
[1]
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
Best,
Schinken
---
Backspace e.V.
http://hackerspace-bamberg.de
mail: schinken at hackerspace-bamberg.de
xmpp: schinken at tai-wahn.de (otr)
GPG: FFB7 E40D B2DD D24C C9B7 B5C5 703C F8B8 882C 871E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141110/614f2ebe/attachment.sig>
More information about the squid-users
mailing list