Re: [squid-users] Re: Fighting with kerberos: WARNING: received type 1 NTLM token

From: David Touzeau <david_at_articatech.com>
Date: Thu, 3 Jan 2013 10:15:19 +0100

Hi Markus

Yes i have a ticket

root_at_000SL10PROX:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur_at_AFEONLINE.NET

Valid starting Expires Service principal
01/02/13 18:04:05 01/03/13 04:04:06 krbtgt/AFEONLINE.NET_at_AFEONLINE.NET
        renew until 01/03/13 18:04:05

Server was connected to Active Directory

Browsers are both Firefox and IE 9

-----Original Message-----
From: Markus Moeller
Sent: Thursday, January 03, 2013 1:09 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Re: Fighting with kerberos: WARNING: received type 1
NTLM token

Hi David,

  Can you get a ticket for HTTP/<squid-fqdn> ? Do you use IE or Firefox or
?

Markus

"David Touzeau" <david_at_articatech.com> wrote in message
news:21ACFB9BE8E34C7DBA0FA2F2D0B329BB_at_fr.kaspersky.com...
> Dear
>
> I have connected the server to the Active Directory, get tickets and so
> on.
> Clients are Windows 8 connected to the domain.
>
> in squid.conf:
> auth_param negotiate program /lib/squid3/negotiate_kerberos_auth -d
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hour
> authenticate_ip_ttl 60 seconds
> authenticate_cache_garbage_interval 10 seconds
> authenticate_ttl 0 hour
>
>
> When browsing, Squid claim
>
> negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:39|
> negotiate_kerberos_auth: WARNING: received type 1 NTLM token
> 2013/01/03 00:10:39 kid1| ERROR: Negotiate Authentication validating user.
> Error returned 'BH received type 1 NTLM token'
> negotiate_kerberos_auth.cc(316): pid=30208 :2013/01/03 00:10:43|
> negotiate_kerberos_auth: DEBUG: Got 'YR
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' from squid
> (length: 59).
> negotiate_kerberos_auth.cc(379): pid=30208 :2013/01/03 00:10:43|
> negotiate_kerberos_auth: DEBUG: Decode
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' (decoded
> length: 40).
> negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:43|
> negotiate_kerberos_auth: WARNING: received type 1 NTLM token
> 2013/01/03 00:10:43 kid1| ERROR: Negotiate Authentication validating user.
> Error returned 'BH received type 1 NTLM token'
> negotiate_kerberos_auth.cc(316): pid=30208 :2013/01/03 00:10:48|
> negotiate_kerberos_auth: DEBUG: Got 'YR
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' from squid
> (length: 59).
> negotiate_kerberos_auth.cc(379): pid=30208 :2013/01/03 00:10:48|
> negotiate_kerberos_auth: DEBUG: Decode
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==' (decoded
> length: 40).
> negotiate_kerberos_auth.cc(389): pid=30208 :2013/01/03 00:10:48|
> negotiate_kerberos_auth: WARNING: received type 1 NTLM token
> 2013/01/03 00:10:48 kid1| ERROR: Negotiate Authentication validating user.
> Error returned 'BH received type 1 NTLM token'
>
> Why, where i’m miss ???
>
> best regards...
>
>
>
>
Received on Thu Jan 03 2013 - 09:15:22 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 04 2013 - 12:00:03 MST