[squid-users] Re: Re: Fighting with kerberos: WARNING: received type 1 NTLM token

I mean somethiong like this (opensuse12.suse.home is my squid proxy server)

>kinit -S HTTP/opensuse12.suse.home
Password for markus_at_SUSE.HOME:
> klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus_at_SUSE.HOME

Valid starting Expires Service principal
01/03/13 21:51:39 01/04/13 07:51:39 HTTP/opensuse12.suse.home_at_SUSE.HOME
        renew until 01/04/13 21:51:37

Regards
Markus

"David Touzeau" <david_at_articatech.com> wrote in message
news:AED8E97D193449D9919C82D7438F10B3_at_fr.kaspersky.com...
> Hi Markus
>
> Yes i have a ticket
>
> root_at_000SL10PROX:~# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrateur_at_AFEONLINE.NET
>
> Valid starting Expires Service principal
> 01/02/13 18:04:05 01/03/13 04:04:06 krbtgt/AFEONLINE.NET_at_AFEONLINE.NET
> renew until 01/03/13 18:04:05
>
> Server was connected to Active Directory
>
> Browsers are both Firefox and IE 9
>
>
>
> -----Original Message-----
> From: Markus Moeller
> Sent: Thursday, January 03, 2013 1:09 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: Fighting with kerberos: WARNING: received type
> 1 NTLM token
>
> Hi David,
>
> Can you get a ticket for HTTP/<squid-fqdn> ? Do you use IE or Firefox or
> ?
>
> Markus
>
>
> "David Touzeau" <david_at_articatech.com> wrote in message
> news:21ACFB9BE8E34C7DBA0FA2F2D0B329BB_at_fr.kaspersky.com...
>> Dear
>>
>> I have connected the server to the Active Directory, get tickets and so
>> on.
>> Clients are Windows 8 connected to the domain.
>>
>> in squid.conf:
>> auth_param negotiate program /lib/squid3/negotiate_kerberos_auth -d
>> auth_param negotiate children 10
>> auth_param negotiate keep_alive on
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hour
>> authenticate_ip_ttl 60 seconds
>> authenticate_cache_garbage_interval 10 seconds
>> authenticate_ttl 0 hour
>>
>>
>> When browsing, Squid claim
>>
>> negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:39|
>> negotiate_kerberos_auth: WARNING: received type 1 NTLM token
>> 2013/01/03 00:10:39 kid1| ERROR: Negotiate Authentication validating
>> user. Error returned 'BH received type 1 NTLM token'
>> negotiate_kerberos_auth.cc(316): pid=30208 :2013/01/03 00:10:43|
>> negotiate_kerberos_auth: DEBUG: Got 'YR
>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' from squid
>> (length: 59).
>> negotiate_kerberos_auth.cc(379): pid=30208 :2013/01/03 00:10:43|
>> negotiate_kerberos_auth: DEBUG: Decode
>> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' (decoded
>> length: 40).
>> negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:43|
>> negotiate_kerberos_auth: WARNING: received type 1 NTLM token
>> 2013/01/03 00:10:43 kid1| ERROR: Negotiate Authentication validating
>> user. Error returned 'BH received type 1 NTLM token'
>> negotiate_kerberos_auth.cc(316): pid=30208 :2013/01/03 00:10:48|
>> negotiate_kerberos_auth: DEBUG: Got 'YR
>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' from squid
>> (length: 59).
>> negotiate_kerberos_auth.cc(379): pid=30208 :2013/01/03 00:10:48|
>> negotiate_kerberos_auth: DEBUG: Decode
>> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' (decoded
>> length: 40).
>> negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:48|
>> negotiate_kerberos_auth: WARNING: received type 1 NTLM token
>> 2013/01/03 00:10:48 kid1| ERROR: Negotiate Authentication validating
>> user. Error returned 'BH received type 1 NTLM token'
>>
>> Why, where i’m miss ???
>>
>> best regards...
>>
>>
>>
>>
>
>
>
Received on Thu Jan 03 2013 - 21:53:43 MST