On Tue, Aug 25, 2009 at 11:23 PM, Markus Moeller<huaraz_at_moeller.plus.com> wrote:
>> I a m trying to authenticate users through kerberos on a windows 2003
>> server AD. Basically, I followed the klaubert tutorial [1], part on
>> Negotiate/kerberos authentication.
> See also http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
Of course I forgot this one, but I used it also.
>> reason attempted to use NTLM. ", does this mean the web browser/gssapi
>> or stuff on the client side is the problem ? Is there anything to do
>> on the windows client machine to send just a standard kerberos ticket
>> ?
> Possibly. It is important that the proxy you have configured is the fqdn
> and that your web Browser supports negotiate proxy authentication (e.g IE >
> 7 or Firefox)
Trying on windows 7 with IE 8 and FF 3.5.
>> And, last but not least, it seems we can start squid_kerb_auth from
>> the command line in standalone (well, that's the way it works with
>> squid), is there a way to use it to debug the situation ?
> Yes Just start it onthe command line and input YR <token> where <token> is
> a base64 encoded token. There is a small test program squid_kerb_auth_test.c
> at
> http://squidkerbauth.cvs.sourceforge.net/viewvc/squidkerbauth/squid_kerb_auth/
> which you can run as follows:
> kinit user_at_DOMAIN
> ./squid_kerb_auth_test <proxy fqdn> 200 | ./squid_kerb_auth -d -s
> HTTP/<proxy fqdn>
>
> This will create 200 authentication requests for testing.
That will help me a lot ! Thank you very much for your answers !
I'll post comments as soon as it works (or I get new questions).
Regards,
Jeremy
Received on Tue Aug 25 2009 - 22:35:10 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 26 2009 - 12:00:04 MDT