[squid-users] Re: Unable to get Firefox to authenticate via Kerberos

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 2 Feb 2010 06:21:23 -0000

BTW, you shouldn't use DES encryption anymore, as it is too weak and will be
disabled in future Kerberos libraries (as you have noticed in Windows 7).
Use RC4 or AES.

Markus

"Mike Bordignon (GMI)" <mike_at_gmi.co.nz> wrote in message
news:4B676552.20907_at_gmi.co.nz...
>
> No matter - this was the problem
> http://www.mcplusa.com/blog/2009/10/authentication-with-kerberos-on-windows-7-and-the-google-search-appliance/
>
>
> -------- Original Message --------
> Subject: [squid-users] Unable to get Firefox to authenticate via Kerberos
> From: Mike Bordignon (GMI) <mike_at_gmi.co.nz>
> To: squid-users_at_squid-cache.org
> Date: 2/02/2010 11:03 a.m.
>> Hello,
>>
>> I've recently managed to set up squid3.0 (STABLE8, on Debian Lenny) to
>> authenticate requests via a Win2003 machine over Kerberos. It's working
>> well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7)
>> will authenticate successfully. When I configure a squid_ldap_auth
>> backup it will authenticate, but when I specify only negotiate it will
>> fail miserably.
>>
>> This is what I'm getting in cache.log:
>>
>> 2010/02/02 10:53:48| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid (length: 59).
>> 2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with rc=101
>> 2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token
>>
>> This puzzles me as I've set up network.negotiate-auth.trusted-uris in
>> Firefox correctly (I've tried setting it to both domain.com and
>> proxy.domain.com). Using kerbtray I don't appear to have any tickets for
>> http/fqdn/realm.com. Should I have? Do I need to restart Windows?
>>
>> IE8 appears to prompt for Integrated Security but when I enter my
>> credentials nothing happens. The same log entry above appears.
>>
>> Any help much appreciated.
>>
>>
>>
>> cheers
>> Mike
>
Received on Tue Feb 02 2010 - 06:24:42 MST
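
The cache.log excerpt quoted above shows the helper being handed an NTLM type 1 token where a SPNEGO/Kerberos token was expected. The following Python script is an added example, not part of the original thread or of squid_kerb_auth: it classifies the base64 blob from a `YR` request and, for NTLM, reads the client OS version the token advertises. The function and constant names are hypothetical; the token is the one from the log on this page.

```python
import base64
import struct

# DER-encoded mechanism OIDs that open a GSS-API token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_NEGOTIATE_VERSION = 0x02000000  # flag: 8-byte Version field is present

# Request copied from the cache.log lines quoted on this page.
LOGGED_REQUEST = ("YR TlRMTVNTUAABAAAAl4II4gAA"
                  "AAAAAAAAAAAAAAAA"
                  "AAAGAbAdAAAADw==")


def classify_token(request):
    """Classify the token in a 'YR <base64>' helper request (hypothetical helper)."""
    raw = base64.b64decode(request.split()[-1], validate=True)

    # NTLMSSP messages start with a fixed signature, then a little-endian type.
    if raw.startswith(b"NTLMSSP\x00") and len(raw) >= 16:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        info = {"mechanism": "NTLM", "message_type": msg_type}
        if msg_type == 1:
            (flags,) = struct.unpack_from("<I", raw, 12)
            info["flags"] = flags
            # Type 1 layout: flags, domain fields (8), workstation fields (8),
            # then Version at offset 32: major, minor, build (LE16).
            if flags & NTLM_NEGOTIATE_VERSION and len(raw) >= 40:
                info["client_os"] = struct.unpack_from("<BBH", raw, 32)
        return info

    # GSS-API initial tokens start with ASN.1 tag 0x60 followed by the mech OID.
    if raw[:1] == b"\x60" and SPNEGO_OID in raw[:16]:
        return {"mechanism": "SPNEGO", "offers_kerberos": KRB5_OID in raw}
    if raw[:1] == b"\x60" and KRB5_OID in raw[:16]:
        return {"mechanism": "Kerberos"}
    return {"mechanism": "unknown"}


if __name__ == "__main__":
    print(classify_token(LOGGED_REQUEST))
```

For the logged request this reports NTLM type 1 from a client advertising version 6.1 build 7600, consistent with the Windows 7 clients described in the thread.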