[squid-users] Kerberos Authentication Failing for Windows 7+ with BH gss_accept_sec_context() failed

Pedro Lobo palobo at gmail.com
Sat Oct 25 14:45:07 UTC 2014


Hi Markus,

Yeah, it seemed so at the time. I tested with the same user on a Windows 7 and 2003 server. Worked fine on one and not the other. Since correcting permissions on the keytab file it's working fine on both. Could also be a total coincidence honestly. I've tried so many things I lost track to tell you the truth, but I'll be sure to update you on Monday (hopefully with good news).

Cheers,
Pedro 


On 25 Oct 2014, at 15:22, Markus Moeller wrote:

> Hi Pedro,
>
> Good to know you solved it.  From your post it sounded like XP worked and Win 7 didn’t
>
> Markus
>
>
> "Pedro Lobo" <palobo at gmail.com> wrote in message news:75991CAE-5F10-4635-B012-D372C27F8AC4 at gmail.com...
> Hi Markus,
>
> I initially had it configured as such and changed it to auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d -r -s HTTP/proxy01tst.fake.net as a troubleshooting step. I've since then changed it back. Dan pointed out earlier that it could be a permissions problem, and sure enough, permissions on /etc/squid3/PROXY.keytab were wrong (group had no read permissions). Fixing that seems to have sorted out the problem. I'll be doing more extensive testes on Monday when the test group start surfing the web.
>
> Thanks for all the help!
>
> On 25 Oct 2014, at 14:13, Markus Moeller wrote:
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 536 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141025/754fa69f/attachment-0001.sig>


More information about the squid-users mailing list