[squid-users] Kerberos (Negotiate) problem with win2008 AD users
Victor Sudakov
sudakov at sibptus.tomsk.ru
Sat Mar 5 18:01:03 UTC 2016
Markus Moeller wrote:
>
> If I look at the wireshark capture details I see that the client is sending
> a key of version 3( kvno) , but the keytab is version 1. This will create a
> mismatch. What do you get when using the 2003 clients ?
Markus, you are great! That was indeed the cause of the problem. Thank
you ever so much.
I have created an identical key with kvno=3 in the squid keytab, and
now it's working. To hell with the Windows admin and his bogus kvno.
I wish the diagnostic message was more informative, but this is not
Squid's problem, but that of the Kerberos library.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the squid-users
mailing list