Hi,
I a m trying to authenticate users through kerberos on a windows 2003
server AD. Basically, I followed the klaubert tutorial [1], part on
Negotiate/kerberos authentication.
The kerberos stuff seems ok, I can get some tickets using kinit and
see them using klist.
The error message I get is "authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH received type 1 NTLM
token'", and I saw a previous thread talking about that [2], but I am
sorry I don't understand most of it. When it says "squid_kerb_auth
only support Kerberos, but it looks like that your client for some
reason attempted to use NTLM. ", does this mean the web browser/gssapi
or stuff on the client side is the problem ? Is there anything to do
on the windows client machine to send just a standard kerberos ticket
?
Or is the integration of ntlm_auth into squid_kerb_auth achieved
(couldn't find news on that point) and a better thing to use ?
And, last but not least, it seems we can start squid_kerb_auth from
the command line in standalone (well, that's the way it works with
squid), is there a way to use it to debug the situation ?
Thanks for your answers,
Jeremy
[1] http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/
[2] http://www.nabble.com/Negotiate-problem-%27BH-received-type-1-NTLM-token%27-td17981333.html
Received on Tue Aug 25 2009 - 17:50:11 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 26 2009 - 12:00:04 MDT