[squid-users] Unable to get Firefox to authenticate via Kerberos

From: Mike Bordignon (GMI) <mike_at_gmi.co.nz>
Date: Tue, 02 Feb 2010 11:03:07 +1300

Hello,

I've recently managed to set up squid3.0 (STABLE8, on Debian Lenny) to
authenticate requests via a Win2003 machine over Kerberos. It's working
well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7)
will authenticate successfully. When I configure a squid_ldap_auth
backup it will authenticate, but when I specify only negotiate it will
fail miserably.

This is what I'm getting in cache.log:

2010/02/02 10:53:48| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid (length: 59).
2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with rc=101
2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token

This puzzles me as I've set up network.negotiate-auth.trusted-uris in
Firefox correctly (I've tried setting it to both domain.com and
proxy.domain.com). Using kerbtray I don't appear to have any tickets for
http/fqdn/realm.com. Should I have? Do I need to restart Windows?

IE8 appears to prompt for Integrated Security but when I enter my
credentials nothing happens. The same log entry above appears.

Any help much appreciated.

cheers
Mike
Received on Mon Feb 01 2010 - 22:03:13 MST
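
Added example, not part of the original post: a small Python diagnostic that decodes the token squid_kerb_auth logs and reports which mechanism the browser actually sent, so an NTLM fallback can be told apart from a SPNEGO/Kerberos offer. The function names and the SPNEGO sample are constructed for illustration, and the SPNEGO branch is a heuristic OID search rather than a full DER parse.

```python
import base64
import re
import struct

# DER-encoded mechanism OIDs (tag 0x06, length, value).
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
MECH_OIDS = {
    "kerberos": bytes.fromhex("06092a864886f712010202"),     # 1.2.840.113554.1.2.2
    "ms-kerberos": bytes.fromhex("06092a864882f712010202"),  # 1.2.840.48018.1.2.2
    "ntlm": bytes.fromhex("060a2b06010401823702020a"),       # 1.3.6.1.4.1.311.2.2.10
}
NEGOTIATE_VERSION = 0x02000000  # NTLM flag: 8-byte version field follows
HELPER_LINE = re.compile(r"Got '(?:YR|KK) ([A-Za-z0-9+/=]+)' from squid")

# The cache.log entry from the post, rejoined onto one line.
SAMPLE_LINE = ("2010/02/02 10:53:48| squid_kerb_auth: Got 'YR "
               "TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' "
               "from squid (length: 59).")
# Constructed minimal SPNEGO NegTokenInit offering only Kerberos (no ticket).
SAMPLE_SPNEGO = base64.b64encode(
    bytes.fromhex("601b") + SPNEGO_OID + bytes.fromhex("a011300fa00d300b")
    + MECH_OIDS["kerberos"]).decode()


def classify_token(b64_token):
    """Report which mechanism a base64 Negotiate token actually carries."""
    raw = base64.b64decode(b64_token)
    if raw.startswith(b"NTLMSSP\x00") and len(raw) >= 16:
        msg_type, flags = struct.unpack_from("<II", raw, 8)
        info = {"kind": "NTLMSSP", "message_type": msg_type, "flags": flags}
        if msg_type == 1 and flags & NEGOTIATE_VERSION and len(raw) >= 40:
            # Version field: major, minor, build (little-endian) at offset 32.
            info["client_os"] = struct.unpack_from("<BBH", raw, 32)
        return info
    if raw[:1] == b"\x60" and SPNEGO_OID in raw[:16]:
        # Heuristic: search for mech OIDs instead of walking the full DER tree.
        return {"kind": "SPNEGO",
                "mechs": [n for n, oid in MECH_OIDS.items() if oid in raw]}
    return {"kind": "unknown"}


def classify_log_line(line):
    """Extract the token from a squid_kerb_auth debug line and classify it."""
    match = HELPER_LINE.search(line)
    return classify_token(match.group(1)) if match else None


if __name__ == "__main__":
    print(classify_log_line(SAMPLE_LINE))
    print(classify_token(SAMPLE_SPNEGO))
```

For the logged token this reports a raw NTLMSSP type 1 message, which matches the helper's "received type 1 NTLM token" line; a Kerberos-capable client would instead produce a token classified as SPNEGO with a Kerberos mechanism.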
