[squid-users] Re: Authentication using squid_kerb_auth with Internet Explorer 8 on Windows Server 2008 R2

Nick Cairncross wrote:
>
> What's your AD 2008 or
> 2003?
>

AD Servers are 2008R2 in 2003 mode

Nick Cairncross wrote:
>
> Did you use msktutil to create your keytab or ktpass? I found a few issues
> with ktpass. Are you authenticating against the same computer as the squid
> server or a dummy account?
>

I'm using msktutil for keytab generation and it's create computer account in
AD with the same hostname as for squid proxy server. I'm generating keytab
with -enctypes 28 flags (as i understand it's for WinServer 2008) therefore
i have AES128 and AES256 records in keytab. When i try to use DES my AD
did'nt understand kinit requests.
Here's my set up

8 10/21/10 13:58:07 HTTP/vmproxy.fqdn_at_FQDN (ArcFour with HMAC/md5)
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn_at_FQDN (AES-128 CTS mode with 96-bit
SHA-1 HMAC)
8 10/21/10 13:58:07 HTTP/vmproxy.fqdn_at_FQDN (AES-256 CTS mode with 96-bit
SHA-1 HMAC)

krb5.conf
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
 permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac

Regards,
Dmitry Gorbunov

-- 
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-using-squid-kerb-auth-with-Internet-Explorer-8-on-Windows-Server-2008-R2-tp3013070p3014892.html
Sent from the Squid - Users mailing list archive at Nabble.com.