On 30/04/11 20:13, Go Wow wrote:
> When I run msktutil I get this line in the output.
>
> krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>
> I did kinit before issuing msktutil and it ran successfully. I can see
> tickets when I issue klist.
>
Tickets, klist and keytabs do not matter in this case Kerberos is not
involved.
>
>
> On 30 April 2011 10:43, Go Wow wrote:
>> Hi,
>>
>> I'm trying to configure Kerberos Authentication for squid. I'm
>> running Squid 3.1.12 and Windows 2008 R2 SP2. I have followed the
>> kerberos authentication guide on squid-cache and many other guides, I
>> always end up with these logs in my cache.log. My client browser keeps
>> prompting for username/password. Even a valid set of credentials are
>> not accepted.
>>
>> 2011/04/30 10:24:32| squid_kerb_auth: WARNING: received type 1 NTLM token
>> 2011/04/30 10:24:32| authenticateNegotiateHandleReply: Error
>> validating user via Negotiate. Error returned 'BH received type 1 NTLM
>> token'
"type 1 NTLM" aka NTLM authentication protocol.
The Kerberos helpers for Squid only validate type 3 (Kerberos).
Markus has developed a negotiate_wrapper helepr which can split the
Negotiate auth protocol into Negotiate/Kerberos and Negotiate/NTLM
validation. That may be of some help, though there are bugs in the Squid
end which prevent is working sometimes.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1Received on Sat Apr 30 2011 - 09:30:15 MDT
This archive was generated by hypermail 2.2.0 : Sat Apr 30 2011 - 12:00:04 MDT