[squid-users] Re: Re: problems squid_kerb_auth

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Mon, 30 May 2011 23:29:39 +0100

Looking at the capture it seems the client (Firefox) does not react on the
Negotiate response. I think you need to use *.vialactea.corp to fix this.

Regards
Markus

"spiderslack" <spiderslack_at_yahoo.com.br> wrote in message
news:4DE41183.6080902_at_yahoo.com.br...
> Hi,
>
> For the log can not see any connection against the Active Directory on
> port 88 (kerberos, right). Attached is the. pcap. I did the
> configuration of firefox as below
>
> firefox set variables as follows:
>
> network.negotiate-auth.delegation-uris=vialactea.corp
> network.negotiate-auth.trusted-uris= vialactea.corp
>
> where vialactea.corp is the domain of the Active Directory. I tried in
> IE but he keeps asking for login and password infinitely
>
> Regards
>
> On 05/29/2011 09:39 AM, Markus Moeller wrote:
>> Hi,
>>
>> The squid log file says that the client could not use Kerberos and
>> fell back to NTLM.
>>
>> Can you capture the traffic from the client to the proxy and to your
>> Kerberos servers (e.g. active directory) with wireshark and send me
>> the cap file (if not too big) ?
>>
>> Markus
>
>
Received on Mon May 30 2011 - 22:30:11 MDT

This archive was generated by hypermail 2.2.0 : Tue May 31 2011 - 12:00:03 MDT