Hi list,

I want to use this brilliant software squid but do you know what I am missing?

I have working AD authentication on my SLES11 system
- kinit -k -t HTTP.keytab HTTP/squid.fqdn.com works
- login via ssh works with pam_krb5
- joining to my domain also worked like a charm

At this stage I believe I've set up krb5.conf correctly.

So I compiled Squid 3.1.0.13. 
configure options:
'--prefix=/usr/local/squid-3.1' 
'--enable-auth=basic,ntlm,negotiate'
'--enable-basic-auth-helpers=SMB getpwnam multi-domain-NTLM' 
'--enable-ntlm-auth-helpers=smb_lm no_check' 
'--enable-negotiate-auth-helpers=squid_kerb_auth'
 --with-squid=/install/squid-3.1.0.13
 --enable-ltdl-convenience

Next I inserted these lines into squid.conf
auth_param negotiate program squid_kerb_auth -d 99 -s HTTP/squid.fqdn.com
auth_param negotiate children 15
auth_param negotiate keep_alive on


Starting squid again worked fine, so I didn't get any error at boot time, and
--  ps -ef  -- shows me

squid    28944 27915  0 12:51 pts/0    00:00:00 ./squid -N -d 20 -f ../etc/squid.conf
squid    28945 28944  0 12:51 ?        00:00:00 (squid_kerb_auth) -d 99 -s HTTP/squid.fqdn.com
squid    28946 28944  0 12:51 ?        00:00:00 (squid_kerb_auth) -d 99 -s HTTP/squid.fqdn.com



On my Windows PC I configured proxy using manual setting to the FQDN of squid.

The result is - in cache.log I find
2009/08/24 12:58:13| squid_kerb_auth: Got 'YR YIIFzAYGKwYBBQUCoIIFwDCCBby ...
[...]
from squid (length: 1987).
2009/08/24 12:58:13| squid_kerb_auth: Decode 'YIIFzAYGKwYBBQ [...]
(decoded length: 1488)
2009/08/24 13:21:19| squid_kerb_auth: gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information. Key table entry not found
2009/08/24 13:21:19| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information. Key table entry not found'

I created my HTTP.keytab as it was described somewhere.
Logged on Windows DC - used ktpass and mapped the service principal to a 
Windows user. After that I copied this file to Linux squid.


I also tried to configure in squid.conf to use squid_kerb_auth -s 
HTTP/squid.fqdn....@realm

But this didn't work either.

I think there is something small missing but I can't figure it out.

Please can anybody help me?
I hope my detailed explanation will help others too to configure their 
systems.

With best regards
Andrew
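
An added triage example (not part of the original post, and not Squid's own code): it pulls the GSS minor-status text out of cache.log lines like those quoted above and checks whether the service name passed with -s appears in a keytab listing in the format MIT `klist -k` prints. The realm EXAMPLE.COM, the KVNO value and the sample listing are constructed placeholders.

```python
import re

# Lines in the shape of the post's cache.log (re-joined, token abbreviated).
SAMPLE_LOG = (
    "2009/08/24 12:58:13| squid_kerb_auth: Got 'YR ...' from squid (length: 1987).\n"
    "2009/08/24 13:21:19| squid_kerb_auth: gss_accept_sec_context() failed: "
    "Unspecified GSS failure.  Minor code may provide more information. "
    "Key table entry not found\n"
)

# Constructed `klist -k` listing; realm and KVNO are placeholders.
SAMPLE_KLIST = """\
Keytab name: FILE:HTTP.keytab
KVNO Principal
---- ----------------------------------------------------------
   3 HTTP/squid.fqdn.com@EXAMPLE.COM
"""

FAIL_RE = re.compile(r"^(\S+ \S+)\| squid_kerb_auth: (\w+)\(\) failed: (.*)$")
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)\s*$")
MINOR_MARK = "Minor code may provide more information."

def gss_failures(log_text):
    """Return (timestamp, gss_call, minor_status_text) for each helper failure."""
    out = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts, call, msg = m.groups()
            out.append((ts, call, msg.split(MINOR_MARK, 1)[-1].strip()))
    return out

def keytab_entries(klist_text):
    """Parse `klist -k` output into (kvno, principal, realm) tuples."""
    return [(int(m.group(1)), m.group(2), m.group(3))
            for m in map(ENTRY_RE.match, klist_text.splitlines()) if m]

def matching_entries(service, klist_text):
    """Entries whose principal equals `service` (realm optional, case-sensitive)."""
    name, _, realm = service.partition("@")
    return [e for e in keytab_entries(klist_text)
            if e[1] == name and (not realm or e[2] == realm)]

if __name__ == "__main__":
    for ts, call, minor in gss_failures(SAMPLE_LOG):
        print(ts, call, "->", minor)
    print(matching_entries("HTTP/squid.fqdn.com", SAMPLE_KLIST))
```

On a real host the listing would come from `klist -k HTTP.keytab`. A match only shows that the name is present in that file, not that its key version or encryption type matches the ticket the client sent.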
