Hi all,
I am trying to set up Kerberos authentication with Squid 2.7.stable7 on
Linux. I use Heimdal 1.3.1. I already had success doing so on two
proxies, but in a third environment, authentication fails.
In squid.conf I have the following entries:
auth_param negotiate program /opt/squid/libe
Markus Moeller wrote:
Continuation needed means that the GSSAPI exchange has not finished and
the server needs more data from the client. Can you see in wireshark if
the token length is the one squid_kerb_auth says it is
> squid_kerb_auth: Got 'YRYI...' from squid (length: 3607)
I could conf
Markus Moeller wrote:
It looks like a configuration error. Also I recall Heimdal had some
issues with Cross realms. But you say all clients are on Windows only
the server uses squid with Heindal, so the problem might be on the
Windows side. Do the three AD domains trust each other ?
Yes, all
Markus Moeller wrote:
Can you download kerbtray from microsoft and list the tickets you have
on XP on a working and failing machine. Can you alos capture with
wireshark the traffic on port 88 ?
Using kerbtray did not show a difference. Capturing the traffic on port
88 shows that in both cases
Hi all,
Fabian Hugelshofer wrote:
Markus Moeller wrote:
Continuation needed means that the GSSAPI exchange has not finished
and the server needs more data from the client. Can you see in
wireshark if the token length is the one squid_kerb_auth says it is
> squid_kerb_auth: Got &#
Hi Bilal,
GIGO . wrote:
Problem:
Single FOrest Multiple domains where as Root A is empty with no users. Domain B & C have no trust configured between each other. The internet users belong to Domain B & Domain C. We want to enable users from both domains to authenticate via Kerberos and authror
