[squid-users] Re: Re: Re: kerberos (AD) authentication - squid_kerb_auth from Markus Moeller on 2009-08-27 (squid-users)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Thu, 27 Aug 2009 19:16:14 +0100

"Jeremy Monnet" <jmonnet_at_gmail.com> wrote in message
news:2b1bd02c0908270702p7f8d7936lcfb43c52aae79fe5_at_mail.gmail.com...
> Hi again,
>
> On Thu, Aug 27, 2009 at 12:40 PM, Jeremy Monnet<jmonnet_at_gmail.com> wrote:
>> On Thu, Aug 27, 2009 at 9:28 AM, Mrvka Andreas<mrv_at_tuv.at> wrote:
>>> Am Donnerstag, 27. August 2009 08:40:53 schrieb Jeremy Monnet:
>>>> Would you have any clue to what the problem may be ? Should I try with
>>>> the MIT libs instead ?
>>>>
>>> I use MIT libs... FYI
>>
>> Thanks for this piece of information, it helped very much (though the
>> problem may not have been the library in itself).
>>
>> Now it works. Several pieces of information I think would be needed to
>> be added to the wiki, mostly regarding windows configuration in fact.
>> The squid/suid_kerb_auth/kerberos config was fine from the beginning I
>> think (except maybe for the rights to the keytab file, but that was my
>> mistake, and it is already written on the wiki).
>>
>> Some other stuff may be useful, such as "you need the support tools on
>> windows to have the ktpass command" or "you need the ressource kit to
>> use the kerbtrau command", but that is very windows-ish stuff, though
>> that is very useful to have this in a single wiki page IMHO.
>>
>
> In fact, it works with windows XP (tried IE7, FF2 and FF3.5, I am
> installing now IE8), but it doesn't work on windows 7 (IE8 and FF
> 3.5). I am getting again
> 2009/08/27 16:00:40.958| authenticateNegotiateHandleReply: helper:
> '0x9cd1d48' sent us 'NA received type 1 NTLM token'
> 2009/08/27 16:00:40.959| authenticateNegotiateReleaseServer: releasing
> server '0x9cd1d48'
> 2009/08/27 16:00:40.959| authenticateNegotiateHandleReply: Failed
> validating user via Negotiate. Error returned 'received'
>
> I will look for some settings in seven, but has someone tested it
> (successfully or not) under windows seven yet ?
>

Unfortunately I don't have Windows 7 (mainly because of MS punishment of
Europeans who can not upgrade Vista/XP)

> Thanks again !
>
> Jeremy
>

Regards
Markus
Received on Thu Aug 27 2009 - 18:28:57 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 28 2009 - 12:00:03 MDT