[squid-users] Problem with squid_kerb_auth

From: Rafal Zawierta <zawierta_at_gmail.com>
Date: Wed, 19 Jan 2011 13:12:53 +0100

Hello,

I'm trying to set up squid to auth against AD.

AD is on a 2008 server (but functionality level of 2003).
Kerberos works fine; from the Linux machine (Debian) kinit, klist and
ktutil are all right. I have also created krb5.keytab, and for my proxy
user I have:

ktutil: rkt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1 2 HTTP/squid.pfsee.net@PFSEE.NET
   2 2 HTTP/squid.pfsee.net@PFSEE.NET
   3 2 HTTP/squid.pfsee.net@PFSEE.NET
   4 2 HTTP/squid@PFSEE.NET
   5 2 HTTP/squid@PFSEE.NET
   6 2 HTTP/squid@PFSEE.NET
ktutil: q

squid - hostname of linux machine
pfsee.net - my AD domain

Squid3 cache.log (at startup)
2011/01/19 13:07:43| Process ID 1782
2011/01/19 13:07:43| With 65535 file descriptors available
2011/01/19 13:07:43| Initializing IP Cache...
2011/01/19 13:07:43| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes
(Is it working now?)

First try - IE8 from my AD server (2008R2).
In Lan-Proxy I have: squid.pfsee.net

When I try to open a page, I get a basic auth prompt (I really should
not!) - and cache.log says:
authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error returned 'BH received type 1 NTLM token'

What is wrong? Is the problem with squid and Linux, or on the win2k8
machine (IE client side)?

Regards
R.
Received on Wed Jan 19 2011 - 12:16:08 MST
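
The cache.log error quoted in the post says the token carried in the Negotiate exchange was an NTLM type 1 message. The following is an added example, not part of the original post and not Squid's or the helper's own code: a small classifier that tells a raw NTLM message from a SPNEGO/Kerberos token in a captured `Proxy-Authorization: Negotiate ...` value. The function name and both sample tokens are constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2


def classify_negotiate(header_value):
    """Classify the token in a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        return "not a Negotiate header"
    try:
        token = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid base64"
    if token.startswith(NTLM_SIG):
        if len(token) < 12:
            return "truncated NTLM token"
        # Message type is a little-endian uint32 right after the signature.
        (mtype,) = struct.unpack_from("<I", token, 8)
        return "raw NTLM type %d (%s)" % (mtype, NTLM_TYPES.get(mtype, "unknown"))
    if token[:1] == b"\x60":  # GSS-API InitialContextToken (ASN.1 [APPLICATION 0])
        if SPNEGO_OID in token[:16]:
            if KRB5_OID in token:
                return "SPNEGO offering Kerberos"
            return "SPNEGO without Kerberos mech"
        if KRB5_OID in token[:20]:
            return "raw Kerberos GSS-API token"
    return "unrecognised token"


def as_header(token):
    return "Negotiate " + base64.b64encode(token).decode("ascii")


# Constructed sample: NTLM type 1 with dummy flags and empty domain/workstation fields.
SAMPLE_NTLM = as_header(NTLM_SIG + struct.pack("<II", 1, 0x00088207) + b"\x00" * 16)
# Constructed sample: minimal SPNEGO NegTokenInit whose mechTypes lists only Kerberos.
SAMPLE_SPNEGO = as_header(
    b"\x60\x1b" + SPNEGO_OID + b"\xa0\x11\x30\x0f\xa0\x0d\x30\x0b" + KRB5_OID
)

if __name__ == "__main__":
    for name, hdr in (("ntlm", SAMPLE_NTLM), ("spnego", SAMPLE_SPNEGO)):
        print(name, "->", classify_negotiate(hdr))
```

A base64 value beginning `TlRMTVNTUAAB` is the NTLM type 1 case that the error message reports.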
