[squid-users] Unable to get Firefox to authenticate via Kerberos
Hello, I've recently managed to setup squid3.0 (STABLE8, on Debian Lenny) to authenticate requests via a Win2003 machine over Kerberos. It's working well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7) will authenticate successfully. When I configure a squid_ldap_auth backup it will authenticate, but when I specify only negotiate it will fail miserably. This is what I'm getting in cache.log: 2010/02/02 10:53:48| squid_kerb_auth: Got 'YR TlRMTVNTUAABl4II4gAGAbAdDw==' from squid (length: 59). 2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with rc=101 2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token This puzzles me as I've setup network.negotiate-auth.trusted-uris in Firefox correctly (I've tried setting it to both domain.com and proxy.domain.com). Using kerbtray I don't appear to have any tickets for http/fqdn/realm.com. Should I have? Do I need to restart Windows? IE8 appears to prompt for Integrated Security but when I enter my credentials nothing happens. The same log entry above appears. Any help much appreciated. cheers Mike
Re: [squid-users] Unable to get Firefox to authenticate via Kerberos
No matter - this was the problem http://www.mcplusa.com/blog/2009/10/authentication-with-kerberos-on-windows-7-and-the-google-search-appliance/ Original Message Subject: [squid-users] Unable to get Firefox to authenticate via Kerberos From: Mike Bordignon (GMI) m...@gmi.co.nz To: squid-users@squid-cache.org Date: 2/02/2010 11:03 a.m. Hello, I've recently managed to setup squid3.0 (STABLE8, on Debian Lenny) to authenticate requests via a Win2003 machine over Kerberos. It's working well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7) will authenticate successfully. When I configure a squid_ldap_auth backup it will authenticate, but when I specify only negotiate it will fail miserably. This is what I'm getting in cache.log: 2010/02/02 10:53:48| squid_kerb_auth: Got 'YR TlRMTVNTUAABl4II4gAGAbAdDw==' from squid (length: 59). 2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with rc=101 2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token This puzzles me as I've setup network.negotiate-auth.trusted-uris in Firefox correctly (I've tried setting it to both domain.com and proxy.domain.com). Using kerbtray I don't appear to have any tickets for http/fqdn/realm.com. Should I have? Do I need to restart Windows? IE8 appears to prompt for Integrated Security but when I enter my credentials nothing happens. The same log entry above appears. Any help much appreciated. cheers Mike
