[squid-users] Re: squid_kerb_auth

The error "Configuration file does not specify default realm" seems to
indicate a configuration error. How does your krb5.conf look like ?

Is the default realm REDECAMARA.CAMARA.GOV.BR ?

Markus

"Luis Conrado Andrade" <luis.conrado_at_live.com> wrote in message
news:BLU138-W180A41ECD31299924ABB31F4560_at_phx.gbl...

Hi,

We´re working on a substitution of an ISA by a SQUID server. The problem is
that we have more than 8.000 users and the authentication is based on a
Microsoft AD, so we intend to use kerberos authentication to have a better
perfomance.

We´re using a CentOS 5 with all patches installed. A squid rpm from Martin
Nagy, squid-3.0.stable7-1.el5.

After the configuration based on Klaubert´s howto,
http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/
our user can´t be authenticated. Messages in cache log says:

2008/09/11 16:20:00| squid_kerb_auth: Got 'YR
YIIGBQYGKwYBBQUCoIIF+TCCBfWgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBcsEggXHYIIFwwYJKoZIhvcSAQICAQBuggWyMIIFrqADAgEFoQMCAQ6iBwMFACAAAACjggTNYYIEyTCCBMWgAwIBBaEaGxhSRURFQ0FNQVJBLkNBTUFSQS5HT1YuQlKiMTAvoAMCAQKhKDAmGwRIVFRQGx5zcXVpZC5yZWRlY2FtYXJhLmNhbWFyYS5nb3YuYnKjggRtMIIEaaADAgEXoQMCAQWiggRbBIIEV5Qm2NMy0gKKYtuKMx9T12WKM24qutQRoxsSas4vjjo+NnezSCPp6KqjT1MZpLX9YnAshwpqWmWx+jW4ciP9s2Mn9MQkRPbCfmwtQi8/toSCp7X7uXMivLTKgT0ecuaYibQyuIuSopRINZnZ5Cv5r2uG2DFyO97NuzOTfDAcSXPKWvJa6zUwwcMXGA3xDX3ZG35iXTEmXm1FTDZ8pN1xSEDaFWlxTbh8y8GhIy1XJ17hIu68+MXuwYka7Gey/Ll1rv+bCh4Takzwgl1k0FIrYlHRyvZB38g1I5Z+RKrZZj/E6jjXwGJSOAK4oTGcDUl7gdrfNtzZgu/wxwgn669V7f6724xEoPb1Gm3RUhCIEstN2BI9NKAFUSAdEoC30ax/bXDQrELiq30wgQywd9LzON+r0IwqCDiMWdwA5u8NZcVSLuhvd2bpvP5+Xh/8jH4L4A+d30NrUmM3hnWHIMfLi6n6gyOVEpurlAFrNMDz7YdaXugak2mZfHBYJHcsn+h1YFzo5p1r2UrYZ7Hu6pe8MOTKZCwxmG3QfYYhDIZk9UVa8zkzMCfwAjuxUmmLlwgXmPdPnmPs6mDi35MaF4BDyeDiaxmRhSOlj6ouNJUnLFDw3JofTU5EVayXxMC6EIKn3PdtEQf/sdHuD6lO/AS5q7pnLC/wzN/j4q1YzA5i2m4Gr5sZgaR/Idl28jGpyAO4hjaA2I2P+K4
v9HDw4u46u0ULOwbFIIEiBw4O858hsVCtEqhDPnPRG8FgKgm+dVragUhxRpvwzoLXAx4CZzxXxtdCmw1APMf3N75InpLUTu+cmB6Jenf8ItG+pqySmnkJrtvjqClVpkfskomBvk9WHYyFLymzqgrWKFRbSVdkaW31ZtsfuMNGvp8t8Pn6bgkPgc6tFpnrYXek6MiGxnRVjCaWkNO2YKSEen71NxeAvlCKwXOgNBhdQTsl4EohQYMs6R4TDkqBa76Ct5VCas2QxcQPhZXweqHKFVLM6FGjlshwiNeIPlw4dpLuI69QrBimDGfgzdKES5pWll1uP9BO/s6ZAKu/+nAShzTIHNah7yO93XUIJyAe+upQ74Df+9vak1/bRJ5h0YZ0TFHVDL/modfD9LGk0Y+JSe8ZB1bOAbp8Ihyd/0dXnzFUk3YY8m8SCRADrcrUR2L8PogRYkaZ4vyp/wYqje8JvrQW9QTGvR7iWfyTddcZw6Cn6wJOWD2QexlJbGfF0m1Y+koHs4rIM3qbIqXKtSi3Ridv5s3nhLQdO3+rmnQcOYDHusmoXHXkfbvrK/rEMZq3YWCEJxKdIYMcn4GXy7ETT2MeIcl0ru736f0a/cPZAhcmYhGiztrHABssUjkLX8GFJjd25SWiEF5uAgbclb1fP+kEcaP5o+Tb35q41us5bdjp8nnFyyMq8dTxU6ZhxC005XHBXz03OzDbK9NFVxnunR0zTdw9pBpeFbh4OlL7Qa/Y1GUUhZ3VRiPpSqFnzPKkgccwgcSgAwIBF6KBvASBuaYouu2CHeCrcwba+doecIQim1G9hP6lhmHEXsNylD5wv7M0yKz6Rez+wRZ9Tv+yh37B55dyeCrkd8vU+TWou7lyq7ABvVsYY+0wwaLDs94ENrUm1QTGI/bIA+aynl+gnFsqwrNFAN0q3psNb0LqInleHut9/v/Pj66EHxAC20CemdCK8yW9hhlhhF3YLTvT6ZXzk7+o8iavL4ijQQwy1Lk3qdP5rzUDhBaGb8SndD
P3/f/Jv8kmOHQY'
from squid (length: 2063).
2008/09/11 16:20:00| squid_kerb_auth: parseNegTokenInit failed with rc=102
2008/09/11 16:20:00| squid_kerb_auth: gss_acquire_cred() failed: An invalid
name was supplied. Configuration file does not specify default realm
2008/09/11 16:20:00| squid_kerb_auth: User not authenticated

Questions:

1- Does anyone have squid_kerb_auth working with CentOS 5 and Windows 2003
AD serve?

2- Should we use kerberos authentication or NTLM is ok (based on the number
of clients)?

Any help is appreciated.

Best regards,

        Conrado

_________________________________________________________________
Conheça o Windows Live Spaces, a rede de relacionamentos do Messenger!
http://www.amigosdomessenger.com.br/
Received on Thu Sep 11 2008 - 20:53:09 MDT