Hi Giorgi,
You do not need to renew the keytab every 30 days. It is more a best
practice to change them after some period but I think 30 days is a bit too
frequent. At the end you need to determine how high the risk is that
someone got hold of the keytab to impersonate someone else.
Hello Markus
Thank you very much, everything works now. Only two question left
1) Is it necessary to run commands specified below every 30 day?
msktutil --auto-update --verbose --computer-name proxy1-k
msktutil --auto-update --verbose --computer-name proxy2-k
msktutil --auto-update --verbose
Hi Giorgi,
It would be
msktutil -c -b CN=COMPUTERS -s HTTP/proxy1.domain.com -h
proxy1.domain.com -k /root/keytab/PROXY.keytab --computer-name PROXY1-K
--upn HTTP/proxy1.domain.com--server addc03.domain.com --verbose
--enctypes 28
msktutil -c -b CN=COMPUTERS -s HTTP/proxy2.domain.com -h
Hi Markus
Excuse me for posting in old list, but I have a small question:
So I have 2 squid servers (proxy1.domain.com and proxy2.domain.com) and
one DNS RR record (proxy.mia.gov.ge). Regarding your recommendation how
should I create keytab file.
msktutil -c -b CN=COMPUTERS -s
Hi Joseph,
it is all possible :-)
Firstly I suggest not to use samba tools to create the squid keytab, but
use msktutil (see
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos). Then
create a keytab for the loadbalancer name ( that is the one configured in IE
or Firefox).
You may need to increase the following:
src/auth/UserRequest.h:#define MAX_AUTHTOKEN_LEN 32768
Regards
Markus
Amos Jeffries wrote in message news:52971e79.9030...@treenet.co.nz...
On 28/11/2013 10:42 p.m., Berthold Zettler wrote:
Hi Madhav,
all relevant a systems (AD-Controllers and
Thank you for your will to help me. It was my mistake, as I recompiled
the port in order to get LDAP authentication helpers which I had
previously turned off. This of course reinstalled rc script which
overwrote line crucial for kerberos to work (export KRB5_KTNAME).
I even wrote about this on
On 10/15/2013 02:12 PM, Marko Cupać wrote:
Thank you for your will to help me. It was my mistake, as I recompiled
the port in order to get LDAP authentication helpers which I had
previously turned off. This of course reinstalled rc script which
overwrote line crucial for kerberos to work (export
On 16/10/2013 4:36 p.m., Eliezer Croitoru wrote:
On 10/15/2013 02:12 PM, Marko Cupać wrote:
Thank you for your will to help me. It was my mistake, as I recompiled
the port in order to get LDAP authentication helpers which I had
previously turned off. This of course reinstalled rc script which
Hi Marko,
Do you use MIT or Heimdal libraries ? Is your proxy fqdn
rsbgyucnix05.kappastar.com ?
Regards
Markus
MarkoCupać wrote in message
news:20131014172926.9e9e75039fff88058383c...@mimar.rs...
On Mon, 14 Oct 2013 18:17:30 +0300
Pavel Kazlenka pavel.kazle...@measurement-factory.com
On 30/08/2013 4:32 a.m., Trever L. Adams wrote:
Hello everyone,
I am having a difficult time. I am not just trying to do something
similar to
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but
without blocking most sites for unauthenticated users.
It is a key property of
Hi Glenn,
If you follow the online guide at
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos you will
see for win2008 a
msktutil -c -b CN=COMPUTERS -s HTTP/fqdn -h fqdn -k
/etc/squid/HTTP.keytab --computer-name squid-http --upn HTTP/fqdn --server
domain controller
If I
deactivate the option in web browser, the proxy give me a error because I
don't have persmission for access to cache, but not ask me for the
password
for authenticate
What error exactly?
Autentication cache error, because when disabled the integrated
authentication in web browser, it
Referencing that Kerberos-load-balancer-and-AD thread, yes it does work :-).
A user is created in AD, and an SPN with the lB FQDN points to that user.
That user is then used to create the keytab on each proxy.
Sean
On 22 May 2013 22:41, SPG spggps...@gmail.com wrote:
Hi,
then, with this
In addition you need to add an option to squid_kerb_auth -s GSS_C_NO_NAME
otherwise the module will expect a HTTP/proxy-name
Markus
SPG spggps...@gmail.com wrote in message
news:1369208281267-4660187.p...@n4.nabble.com...
Hi,
I've read a lot of post about kerberos and load balancers, but I
Hi,
then, with this option you don't need create an account for all squids
servers and duplicate spn in each account of squid. Only need a account for
load balancer service. I question it, because I read this post in the
morning and I have doubts . Is it true?
If the PC which is not in the domain has WINS configured via DHCP you should
also be able to use Kerberos with user@DOMAIN and domain password in the
popup.
Markus
Delton del...@bnpapel.com.br wrote in message
news:51954355.1000...@bnpapel.com.br...
Guys,
I ran some more tests.
Only
Sorry, I thought that I post it. I had the fqdn in web browser proxy
configuration but I put the ip in the proxy pack for automatic web browser
configuration.
http://proxyprueba.abg.corp/public/PAC/getpacfile.htmopt -- web browser
configuration
if(
Has IE integrated windows authentication enabled ? Can you get a wireshark
capture from your windows machine on port 88.
Markus
SPG spggps...@gmail.com wrote in message
news:1367914304369-4659821.p...@n4.nabble.com...
A lot of thanks Markus and sorry by my big delay in answering but I
Thanks Markus. I posted my error and the solution. Perhaps you didn't receive
the mail
A lot of thanks.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-with-2008-2003-DC-tp4659198p4659861.html
Sent from the Squid - Users mailing list archive at
I didn't see your email with the error and solution.
Can you please post it to the list for future reference?
On Thu, May 9, 2013 at 5:20 AM, SPG spggps...@gmail.com wrote:
Thanks Markus. I posted my error and the solution. Perhaps you didn't receive
the mail
A lot of thanks.
--
View
A lot of thanks Markus and sorry by my big delay in answering but I didn't
know suficient for reply you.
I read a lot of posts and I checked my configuration and I think that now I
can reply you.
My configuration
[logging]
default = FILE:/var/log/krb/krb5libs.log
kdc =
More info
[root@proxyprueba ~]# /usr/lib64/squid/squid_kerb_auth_test -d -s
HTTP/proxyprueba.abg.c...@abg.corp
Token:
Could it be that a Windows application uses its system key to authenticate
against squid ? This could happen if now user is logged in and the
application runs as a service.
Markus
JC Putter jcput...@gmail.com wrote in message
Ah! That makes sense! Thanks!
On Thu, May 2, 2013 at 9:23 PM, Markus Moeller hua...@moeller.plus.com wrote:
Could it be that a Windows application uses its system key to authenticate
against squid ? This could happen if now user is logged in and the
application runs as a service.
Markus
One partial answer to my own question: in the proxypac, ftp traffic
could be diverted to another proxy:
if (shExpMatch(url, ftp:*)) {
return PROXY otherproxy.mysite.ch:80;
}
On 17 April 2013 08:56, Sean Boran s...@boran.com wrote:
Hi,
Kerberos is authenticating http/s traffic for me
Can you try kinit -V -k -t /etc/squid/.keytab HTTP/proxyprueba.xxx.xxx ?
Markus
SPG spggps...@gmail.com wrote in message
news:1364200322406-4659198.p...@n4.nabble.com...
Hi,
I have a domain with 2008 and 2003 DCs. If I genus a keytab in windows
2008
only work with 2008 server's and if I
(sorry for the slow answer, an over-eager spam filter swallowed this msg).
In wireshark, the server name sent in the ticket is correct
(proxy.example.com) , encryption is rc4-hmac and knvo=5.
This is the same kvno as seen in klist -ekt /etc/krb5.keytab (with
des-cbc-crc, des-cbc-md5,
That should work. What do you see in Wireshark when you look at the traffic
to the proxy ? If you exand the Negotiate header you should see what is the
principal name and kvno. Both must match what is in your keytab ( check with
klist -ekt /etc/keytab)
Markus
Sean Boran s...@boran.com
If I rejoin the account using net ads join the RPC trust is
established as soon as you do a msktutil update the trust fails...
Anyone know of a workaround ?
On Fri, Feb 22, 2013 at 1:25 PM, JC Putter jcput...@gmail.com wrote:
I followed the guide below as a starting point for my squid proxy,
If you use Kerberos and NTLM do not use the same AD account. Samba will
update the AD account (e.g. change account password after x days) and
msktutil does the same. So you will always have a problem if you do not use
seperate AD accounts and there is nor reason to use the same.
Markus
JC
Hi Simon,
This looks like a client PC issue. Can you check with kerbtray that the
client gets a TGS for HTTP/squid-fqdn ? If you can look at the traffic
between the client and AD with wireshark you should see first an AS request
from the client to AD on port 88 and when you the user opens
On Mon, Apr 16, 2012 at 07:05:23AM +0100, Markus Moeller wrote:
BTW I would not recommend using ktpass and a user account. ktpass uses DES
as a default which is not anymore supported by newer MS systems and
secondly user accounts in AD have usually (depending on your AD setting) a
Can you get a network capture with wireshark or tcpdump into a files for
port 88 , 389 , 53 464 ? WHat version of AD do you use ? Is it 2003 or 2008
?
Regards
Markus
Fran Márquez informatica.comunicacione...@chguadalquivir.es wrote in
message news:4f4d6884.6040...@chguadalquivir.es...
The best is to configure Negotiate with the wrapper to cover Negotiate/NTLM
and Negotiate/Kerberos and NTLM as pure NTLM for applications/clients
which do not support Negotiate but NTLM ( like some chat tools).
Thank you both for the feedback and help with my understanding on
authentication.
On Wed, Dec 28, 2011 at 05:23:55PM +1100, James Robertson wrote:
Because I implemented Kerberos first I already had a machine account
in Active Directory that was created by the msktutil utility.
When I researched implementing ntlm_auth the documentation mentions
joining the computer to AD
Hi Amos
Amos Jeffries squ...@treenet.co.nz wrote in message
news:4ef3e3b6.4060...@treenet.co.nz...
On 23/12/2011 12:39 p.m., James Robertson wrote:
We have successfully deployed a squid3 proxy in a Windows AD domain
that authenticates users with the kerberos helper and uses LDAP
queries to
Hi Wladner,
If you use MIT Kerberos you could try to disable the replay cache
Kerberos can keep a replay cache to detect the reuse of Kerberos tickets
(usually only possible in a 5 minute window) . If squid is under high load
with Negotiate(Kerberos) proxy authentication requests the replay
Did you try my negotiate wrapper ? It is part of squid 3.2, but right now
only works with 3.1 ( I have an open bug for 3.2)
Markus
Emmanuel Lacour elac...@easter-eggs.com wrote in message
news:20111209110446.gc11...@easter-eggs.com...
On Thu, Dec 08, 2011 at 09:14:51PM +0100, Emmanuel
On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote:
Did you try my negotiate wrapper ? It is part of squid 3.2, but
right now only works with 3.1 ( I have an open bug for 3.2)
looks interesting, I'm going to grab it from last 3.2 sources and
compile it for 3.1. I'll let you know
On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote:
Did you try my negotiate wrapper ? It is part of squid 3.2, but
right now only works with 3.1 ( I have an open bug for 3.2)
Can you give me hints on how to build it for 3.1 ?
You need to create one AD entry for proxy.domain.tld and copy the same
keytab to both squid servers and use the -s GSS_C_NO_NAME option for
squid_kerb_auth or negotiate_kerberos_auth.
Regards
Markus
Emmanuel Lacour elac...@easter-eggs.com wrote in message
On Fri, Sep 09, 2011 at 03:42:21PM +0100, Markus Moeller wrote:
You need to create one AD entry for proxy.domain.tld and copy the
same keytab to both squid servers and use the -s GSS_C_NO_NAME
option for squid_kerb_auth or negotiate_kerberos_auth.
at a first glance, it seems to works like a
Hi João Carlos ,
I tested this with windows media player 11 and I do not have a problem to
authenticate against squid using Negotiate/Kerberos. See my exchaange
between wmp 11 and squid.
Markus
GET http://www.jhepple.com/SampleMovies/niceday.wmv HTTP/1.1
Accept: */*
User-Agent:
Hi João Carlos,
Negotiate is a way to negotiate the authentication type. When the
client receives the negotiate request from squid it will try first Kerberos
authentication and if that fails because the SPN does not exist the client
will use NTLM in the Negotiate reply.
To get around
yeah Markus I even thought its becuz of that -d option.
Is it completely safe to ignore this.
Thanks for your help.
On 21 July 2011 23:26, Markus Moeller hua...@moeller.plus.com wrote:
Hi Syed,
-d option is for debug output.
The message
squid_kerb_auth: parseNegTokenInit failed with
Hi Syed,
-d option is for debug output.
The message
squid_kerb_auth: parseNegTokenInit failed with rc=102 comes from old modules
which use check first for a gssapi token and then for an spngeo token.
Regards
Markus
Syed Hussaini gow...@gmail.com wrote in message
ok, does not sound good, but I expected something like that, even
though in theory more CPUs should be able to handle more
work/authentication processes
We don't really care about caching, we are basically only interested
in antivirus and category blocking based on username/group (achieved
with
Hi,
We had to bypass the kerberos authentication for now (most of the
users will be authenticated by IP (there are already more than 1
unique IPs in my Squid logs). iirc, disabling the replay cache did not
help much. There is a load avg of 0.4 right now (authenticating about
9000 users per IP
On Wed, 16 Feb 2011 13:28:29 +0100, guest01 wrote:
Hi,
We had to bypass the kerberos authentication for now (most of the
users will be authenticated by IP (there are already more than 1
unique IPs in my Squid logs). iirc, disabling the replay cache did
not
help much. There is a load avg
Hi Peter
Nick Cairncross nick.cairncr...@condenast.co.uk wrote in message
news:c9782338.5940f%nick.cairncr...@condenast.co.uk...
On 09/02/2011 09:34, guest01 gues...@gmail.com wrote:
Hi,
We are currently using Squid 3.1.10 on RHEL5.5 and Kerberos
authentication for most of our clients
Is it possible that you run a samba daemon like winbindd ? If samba is
fully configured it will emulate a Windows desktop/server and changes on a
regular basis the machine password which is used for the Kerberos key. So
if the machine password is changed ther key in hye keytab will be
Hello list, Markus,
thanks for your hint; this is also described in the Wiki entry - I
only have used Samba to create the keytab. It is not running as a
daemon here.
However I think I've found the (fairly trivial) problem... There was
an issue with the ESX host/Storage the Linux Squid was
A wireshark capture would help to understand what is happening.
Markus
Rob Asher ras...@paragould.k12.ar.us wrote in message
news:4d0883e4.0172.003...@paragould.k12.ar.us...
Hi Markus,
I did actually follow that setting up FF. These are the actual changes I've
made to FF:
Hi Markus,
I did actually follow that setting up FF. These are the actual changes I've
made to FF:
network.auth.use-sspi = false
network.negotiate-auth.gsslib = C:\Program Files\MIT\Kerberos\bin\gssapi32.dll
network.negotiate-auth.trusted-uris = XSERVE.PARAGOULD.PSD
Hi Rob,
Did you follow what I described in this threat
http://thread.gmane.org/gmane.comp.web.squid.general/87060/focus=87084
regarding the FF configuration and gssapi selection ?
Regards
Markus
Rob Asher ras...@paragould.k12.ar.us wrote in message
Hi Markus,
I must still have something wrong. When I open FF now, I get a prompt from KfW
for new credentials for my username even though the network identity manager
already shows I have a valid ticket from the KDC. If I supply the correct
password, I'm still denied cache access. Looking
Hi Tom,
What does klist -ekt squid.keytab show ? Does it have an entry for AES ?
Did you use --enctypes 28 with msktutil as described here
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Create_keytab ?
Markus
Tom Tux tomtu...@gmail.com wrote in message
Hi Markus
In the meantime, the klist -etk /etc/krb5.keytab have AES entries:
AES-128 CTS mode with 96-bit SHA-1 HMAC
AES-256 CTS mode with 96-bit SHA-1 HMAC
But they were made by the nightly msktutil --auto-update job (after
30 days were passed). And during this step, that
Hi Rob,
It looks like your kdc does not know about the service principal
HTTP/proxyserver.paragould@xserve.paragould.psd
How did you create the entry and keytab ?
Markus
Rob Asher ras...@paragould.k12.ar.us wrote in message
news:4cfcf8e3.0172.003...@paragould.k12.ar.us...
I've
Hi Markus,
I created the service principal with kadmin on the apple server. The actual
command was kadmin.local -q add_principal HTTP/proxyserver.paragould.psd. I
used kadmin also to export the keytab. Here's exactly what I did:
xserve:~ root# kadmin.local
Authenticating as principal
Hi Rob,
What happens when you type kinit HTTP/proxyserver.paragould.psd on your kdc
server ? Do you get a password prompt ?
Markus
Rob Asher ras...@paragould.k12.ar.us wrote in message
news:4cffadf6.0172.003...@paragould.k12.ar.us...
Hi Markus,
I created the service principal with kadmin
Markus,
I do get a password prompt although I don't remember setting a password for it.
xserve:~ root# kinit HTTP/proxyserver.paragould.psd
Please enter the password for
HTTP/proxyserver.paragould@xserve.paragould.psd:
Kerberos Login Failed:
Password incorrect
In Open Directory, I just
] Re: [squid-users] Re: Kerberos auth with Active
Directory.
hello
Thank you again for your advice. Researching the SASL support requirements
I discovered from the output of configure for squid_kerb_ldap that the check
for sasl.h returned no. So I identified the debian package libsasl2-dev
Rolf Loudon r...@ses.tas.gov.au wrote in message
news:ea4139a9-af4d-4e0d-8a05-c7b0c3ef4...@ses.tas.gov.au...
hello
Hi Rolf
I am trying to setup kerberos auth against Active Directory - Windows
2000 - in squid, 2.7. This is primarily so that the username is captured
in the access log.
Nick Cairncross nick.cairncr...@condenast.co.uk wrote in message
news:99a993aa-7d9f-49a2-bf7b-4bd51b109...@condenast.co.uk...
On Mon, 30 Aug 2010 16:32:51 +0200, Maxim Burgerhout ma...@wzzrd.com
wrote:
Of course I just bumped into that little gem *after* I sent the
previous message to this
Hi Marcus and all.
It turned out that I just needed a restart of the proxy server. I read
on a post who was having the same problem and a restart worked for
him. I tried that and all worked for me too. Kerberos auth is not
working as expected. I only had to follow the wiki example line by
line.
Hi Manoj,
It looks like the client PC does not get the TGS for HTTP/proxy.domain.
Did you configure in IE the proxy with the name proxy.domain or as IP ? IE
requires the name. BTW IE 6 does not support Kerberos proxy authentication.
Can you capture the traffic on port 88 from your client
Hi Markus,
I admit that it could be preferable to do it for each one if the KVNO was to
change, but the AD account I use is a dummy computer account and has no
physical host so doesn't change. That said, I have tried to do it with a
separate account and I get the same result: 2 work one fails.
Hi Nick,
This is a unusual setup. I wonder how you could get it to work as a keytab
extraction changes usually the AD entry and therefore the key for your
2nd/3rd squid server. I suggest to create three separate AD entries and
remove any SPN for HTTP/short-hostname.
Regards
Markus
Nick
-
From: Tom Tux tomtu...@gmail.com
To: Markus Moeller hua...@moeller.plus.com
Sent: Thursday, July 08, 2010 1:54 PM
Subject: Re: [squid-users] Re: Kerberos-authentication and ntlm-fallback
with AD-group-membership-checking
Hi Markus
I think, that the output from the log with just the username
...@gmail.com
To: Markus Moeller hua...@moeller.plus.com
Sent: Thursday, July 08, 2010 1:54 PM
Subject: Re: [squid-users] Re: Kerberos-authentication and ntlm-fallback
with AD-group-membership-checking
Hi Markus
I think, that the output from the log with just the username instead
of netbios
Hi Tom
It should work if squid sends Negotiate and NTLM authentication requests to
the client. IE6 will ignore the Negotiate request and reply to NTLM, whereas
IE7 and IE8 will respond to Negotiate. With NTLM you will get a username
like Netbios-Domain\user in contrast to
mån 2010-05-17 klockan 06:30 +0100 skrev Markus Moeller:
OpenDirecttory or eDirectory is just ldap and has nothing to do with
Kerberos (as far as I know).
eDirectory can trust Kerberos for authentication. But does not in itself
provide Kerberos KDC. Novell also have a Kerberos KDC product
tis 2010-05-18 klockan 20:00 +0100 skrev Markus Moeller:
BTW Would you be interested to include squid_kerb_ldap - my ldap
authorisation module with Kerberos authentication to an ldap server ?
Yes. Submissions are always welcome. Just post the merge request to
squid-dev.
Regards
Henrik
Hi Markus,
Thanks for the info. If squid can use MIT kerberos, then hopefully I should be
ok to get it working with Mac OS X Server (and OpenDirectory), based off
http://developer.apple.com/opensource/kerberosintro.html
On the Novell front, it's harder to find info on it's kerberos
Hi Matthew,
I think you are a bit confused. AD offers a Kerberos and ldap service.
OpenDirecttory or eDirectory is just ldap and has nothing to do with
Kerberos (as far as I know). You can use AD, MIT Kerberos, Heimdal Kerberos
or any other Implementation (e.g. Solaris based) for
I´ve added the following to squid.conf:
external_acl_type ldapgroup %LOGIN /usr/lib/squid/squid_ldap_group -b
CN=Users,DC=heidelberg,DC=bw-online,DC=de -f
((cn=%g)(memberUid=%u)(objectClass=ebay)) -B CN=Users -F (CN=%s) -D
CN=ldap,CN=Users,DC=heidelberg,DC=bw-online,DC=de -w PASSWORD -h
Update:
First a correction, it should've been I know this information seems
rather limitedinstead of I know this information see.
I recompiled Squid with just Kerberos and still received the same error.
On Fri, Dec 11, 2009 at 9:58 AM, Robert Schenck robschenck...@gmail.com wrote:
Hello,
Nevermind, problem solved. I didn't have rights to the keytab file...
On Fri, Dec 11, 2009 at 10:27 AM, Robert Schenck
robschenck...@gmail.com wrote:
Update:
First a correction, it should've been I know this information seems
rather limitedinstead of I know this information see.
I
Did you set the environment variable KRB5_KTNAME correctly to
FILE:/etc/squid/HTTP.keytab in the squid statup file ? Does the squid
process have read permissions on the keytab ?
Can you squid_kerb_auth with one child and use strace against it to check
for any access errors ?
Markus
Andrew
squid_kerb-auth should work.
Markus
Ron Richardson rrichard...@liverpool.k12.ny.us wrote in message
news:fc.000f714603d9ae87000f714603d9ae87.3d9a...@liverpool.k12.ny.us...
Has anyone put Kerberos authentication into the MacPort of Squid? If so,
would you care to share how you did it?
If
, 2009 4:22 PM
To: 'Markus Moeller'; squid-users@squid-cache.org
Subject: RE: [squid-users] Re: Kerberos Authentication - Squid 3.1.0.13
Markus,
First, please correct me if I'm wrong but I looked for 'gssapi.h' in
config.log and I'm assuming that config.log contains all the log information
??? ? undelb...@gmail.com wrote in message
news:cf132a050909030128ke05b19bl5cfc7e0f6ac81...@mail.gmail.com...
I've configured Kerberos authentication for users in AD, but there is
one problem: after half an hour IE7 forgets about Kerberos and tries
to use NTLM. User have to restart
hi,
if you have made the wiki[...]/Kerberos guide through then you are close to
the goal.
it seems that your problem is only configuration error on client side.
since squid_kerb_auth is a MUST to configure the fqdn name of squid in the IE
settings.
at my place IE 7, IE 8 and FF 3.5 works
On Wed, Aug 26, 2009 at 11:06 AM, Mrvka Andreasm...@tuv.at wrote:
hi,
if you have made the wiki[...]/Kerberos guide through then you are close to
the goal.
I hope so anyway :-)
it seems that your problem is only configuration error on client side.
I am not so sure anymore. I tried to use
hm...
i can tell you what I did.
first I tried ktpass too as you describe.
But nevertheless to use exactly the same as in the wiki I finally used
msktutil to proceed.
I run an SLES 11 Server and had to download SLES 11 SDK iso to compile
msktutil successfully.
My way was:
- configure
On Wed, Aug 26, 2009 at 12:35 AM, Jeremy Monnetjmon...@gmail.com wrote:
This will create 200 authentication requests for testing.
That will help me a lot ! Thank you very much for your answers !
I'll post comments as soon as it works (or I get new questions).
Ok, I am making progress (I
Jeremy Monnet jmon...@gmail.com wrote in message
news:2b1bd02c0908251050i6e63cecaxeb29ceecd2a84...@mail.gmail.com...
Hi,
I a m trying to authenticate users through kerberos on a windows 2003
server AD. Basically, I followed the klaubert tutorial [1], part on
Negotiate/kerberos authentication.
On Tue, Aug 25, 2009 at 11:23 PM, Markus Moellerhua...@moeller.plus.com wrote:
I a m trying to authenticate users through kerberos on a windows 2003
server AD. Basically, I followed the klaubert tutorial [1], part on
Negotiate/kerberos authentication.
See also
Message-
From: Henrik Nordstrom [mailto:hen...@henriknordstrom.net]
Sent: Monday, August 17, 2009 6:04 PM
To: Daniel
Cc: 'Amos Jeffries'; 'Markus Moeller'; squid-users@squid-cache.org
Subject: RE: [squid-users] Re: Kerberos Authentication - Squid 3.1.0.13
mån 2009-08-17 klockan 15:41 -0400
tis 2009-08-18 klockan 15:42 -0400 skrev Daniel:
Gentlemen,
I realize that my question has morphed into a general SLES question,
so I won't keep this chain going forever. Here's my last question to
you guys before I start looking for outside help on our SLES 11
implementation (ie;
, August 14, 2009 11:47 PM
To: Daniel
Cc: 'Markus Moeller'; squid-users@squid-cache.org
Subject: Re: [squid-users] Re: Kerberos Authentication - Squid 3.1.0.13
Daniel wrote:
Markus,
First, please correct me if I'm wrong but I looked for 'gssapi.h' in
config.log and I'm assuming
mån 2009-08-17 klockan 15:41 -0400 skrev Daniel:
Amos,
Thanks for your response. I have the following already installed:
gssapi related:
'cyrus-sasl-gssapi'
'cyrus-sasl-gssapi-32bit'
'libgssglue1'
'librpcsecgss'
krb related:
'krb5'
'krb5-32bit'
'krb5-client'
What you are
-cache.org
Subject: [squid-users] Re: Kerberos Authentication - Squid 3.1.0.13
Hi Daniel,
Did you see any configure errors for gssapi.h ?
Markus
Daniel sq...@zoomemail.com wrote in message
news:001301ca19fe$9f450a50$ddcf1e...@com...
Good afternoon,
In my attempt to get Squid on our SLES 11
Daniel wrote:
Markus,
First, please correct me if I'm wrong but I looked for 'gssapi.h' in
config.log and I'm assuming that config.log contains all the log information
from doing a /configure? Assuming that I am correct, I couldn't find
'gssapi' anywhere inside the log file so I'm not
Hi Daniel,
Did you see any configure errors for gssapi.h ?
Markus
Daniel sq...@zoomemail.com wrote in message
news:001301ca19fe$9f450a50$ddcf1e...@com...
Good afternoon,
In my attempt to get Squid on our SLES 11 box authenticating with
Kerberos (negotiate), I used the following to
97 matches
Mail list logo