Hello,
 
We are using Squid 3.5.21 and trying to implement negotiation 
authentication, based on Kerberos and NTLM.
Browsing on the internet works fine, even with ACLs based on Active Directory 
groups.
 
 
Unfortunately we can't call Java Web Start applications:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 
407 Proxy Authentication Required"

We are using Java 1.8.0_221 on the clients.
 
Squid.conf
auth_param negotiate program /usr/sbin/negotiate_wrapper_auth -d --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=STL --kerberos /usr/sbin/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive off
 
acl grp-www external nt_group GRP_WWW
acl www-auth proxy_auth REQUIRED
 
http_access allow p-http  grp-www www-auth
http_access allow p-https grp-www www-auth
 
Without grp-www and www-auth the calls work fine, but there is also no 
authentication.
 
cache.log (last entry of kerberos debug)
negotiate_kerberos_auth.cc(801): pid=2876 :2020/05/05 16:12:02| 
negotiate_kerberos_auth: DEBUG: AF 
oYG3MIG0oAMKAQChCwYJKoZIgvcSAQICooGfBIGcYIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv5cOyDbJ0+OYmI5iv0/mdKKd3Ez6ewG43c2U2rzYvooNfdMUT4ap5vufPMNSw3fGLJvPKgupMawOvcduXlBkCHqa5pqkmczvXGAdJvC2yRSJagDSrpuvjC9/XXaZCJl906Pluwo2ovPaYcKCXDy9c
 <myuser>
 
 The wiki says: AF - Success. Valid credentials. Deprecated by OK result from 
Squid-3.4 onwards.
 
Does anyone have a clue or has anyone seen similar behavior?
 
 
 
Best Regards
Christian Molecki

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
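
Added example (not part of the original post and not Squid's own code): a small parser for the kind of helper debug line quoted above, which reads the reply code and then decodes the SPNEGO NegTokenResp in the token to report its negState. The function names are hypothetical, and the log line, token and user in SAMPLE are constructed.

```python
import base64
import re

# Reply codes of Squid's Negotiate helper protocol.
HELPER_CODES = {"TT": "handshake continues", "AF": "success",
                "NA": "authentication failed", "BH": "helper error"}
# negState values of an SPNEGO NegTokenResp (RFC 4178).
NEG_STATES = {0: "accept-completed", 1: "accept-incomplete",
              2: "reject", 3: "request-mic"}
LINE_RE = re.compile(r"negotiate_kerberos_auth: DEBUG: (TT|AF|NA|BH)\s+(\S+)(?:\s+(\S+))?")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def neg_state(token_b64):
    """Return the negState name of a base64 NegTokenResp, or None."""
    try:
        tag, body, _ = read_tlv(base64.b64decode(token_b64), 0)
        if tag != 0xA1:  # [1] NegTokenResp; anything else is not a reply
            return None
        tag, seq, _ = read_tlv(body, 0)
        pos = 0
        while tag == 0x30 and pos < len(seq):
            field, val, pos = read_tlv(seq, pos)
            if field == 0xA0:  # [0] negState, wraps an ENUMERATED
                return NEG_STATES.get(read_tlv(val, 0)[1][0])
    except (IndexError, ValueError):  # truncated DER or invalid base64
        pass
    return None

def parse_helper_line(line):
    """Extract reply code, user and SPNEGO state from one debug line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code, token, user = m.groups()
    state = neg_state(token) if code in ("TT", "AF") else None
    return {"code": code, "meaning": HELPER_CODES[code],
            "user": user, "neg_state": state}

# Constructed sample: minimal NegTokenResp (a1 07 30 05 a0 03 0a 01 00), negState 0.
SAMPLE = ("negotiate_kerberos_auth.cc(801): pid=1 :2020/01/01 00:00:00| "
          "negotiate_kerberos_auth: DEBUG: AF oQcwBaADCgEA user@EXAMPLE.TEST")
```

`parse_helper_line(SAMPLE)` reports code `AF` with negState `accept-completed`, which only shows what the helper decided for that one request.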
