Re: [squid-users] Problem with squid_kerb_auth

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Wed, 19 Jan 2011 13:28:43 +0100

ons 2011-01-19 klockan 13:12 +0100 skrev Rafal Zawierta:

> authenticateNegotiateHandleReply: Error validating user via Negotiate.
> Error returned 'BH received type 1 NTLM token'

That the client selected to use NTLM, not Kerberos. The squid_kerb_auth
helper only supports Kerberos. To support NTLM you also need to
configure NTLM authentication support in Squid. The Negotiate scheme as
such on the wire supports any authentication method Windows SPNEGO
supports.

I can only guess to why the client did not select to use Kerberos
* Did not find the right kerberos principal in the domain directory.
* do not trust the requested proxy server for Kerbeors authentication
* perhaps kerberos auth failed somehow and it did a fallback on NTLM?

Regards
Henrik
Received on Wed Jan 19 2011 - 12:28:48 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 19 2011 - 12:00:03 MST