ons 2011-01-19 klockan 13:12 +0100 skrev Rafal Zawierta:
authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error returned 'BH received type 1 NTLM token'
That the client selected to use NTLM, not Kerberos. The squid_kerb_auth
helper only supports Kerberos. To support NTLM
On Wed, 2006-12-20 at 11:06 +0100, Henrik Nordstrom wrote:
The Negotiate scheme is SPNEGO by definition.
Hrm. Firefox seems to disagree, at least in it's implementation. Squid
sends Negotiate as the authentication mechanism and Firefox responds
with Kerberos.
Native KRB5 is the Kerberos
Hi,
This is not a question, but information I wanted to share :-)
Having got kerberos authentication working a few weeks ago with squid
on a test box, I came back to test again and could not get kerberos to
work, The Browser(s) kept sending NTLM to squid (resulting in the
omnious 'BH received
Hi Markus,
Thanks for the info. If squid can use MIT kerberos, then hopefully I should be
ok to get it working with Mac OS X Server (and OpenDirectory), based off
http://developer.apple.com/opensource/kerberosintro.html
On the Novell front, it's harder to find info on it's kerberos integration
??? ? undelb...@gmail.com wrote in message
news:cf132a050909030128ke05b19bl5cfc7e0f6ac81...@mail.gmail.com...
I've configured Kerberos authentication for users in AD, but there is
one problem: after half an hour IE7 forgets about Kerberos and tries
to use NTLM. User have to restart
On 22/9/2011 8:47 πμ, Nikolaos Milas wrote:
Many thanks Markus,
I also discovered, after each authentication attempt from the browser,
in squid cache.log the following errors:
A question that might shed some light:
Do I have to create a kerberos host and service for every final client
I can write a subroutine (or can it be a helper program ? ) for Kerberos
authentication I only need to find the right place in squid to call it.
Markus
Wisskirchen, Dominik /Z22 [EMAIL PROTECTED] wrote in
message
news:[EMAIL PROTECTED]
Hello all,
Can I use a ISA Server 2006 as a cache_peer
One more thing I am using Samba, I could not use mskutil. Is there any issue
with Kerberos and Samba.
OS: Redhat EL6.2
squid-3.1
thanks,
-Original Message-
From: Markus Moeller [mailto:hua...@moeller.plus.com]
Sent: Sunday, June 24, 2012 2:59 PM
To: squid-users@squid-cache.org
Subject
On 17/04/2013 6:56 p.m., Sean Boran wrote:
Hi,
Kerberos is authenticating http/s traffic for me from certain client
addresses just fine.
However ftp is being rejected, does the browser+squid not auth ftp in
the same way as http?
If ftp does work with kerberos, is there a way (ACL) that ftp
Hi Marko,
Squid's kerberos helper has debug mode. Just add '-d' switch to
'auth_param negotiate program /usr/sbin/squid_kerb_auth' string in
squid.conf file.
Also here are some useful information and tips:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Troubleshooting_Tools
tis 2009-09-01 klockan 11:41 +0400 skrev Дмитрий Нестеркин:
I'm trying to configure Kerberos authentication for Squid 2.7 (Debian
Lenny, MIT kerberos; Windows Server 2003 no service packs), but no
luck :(
Have you set the env variable telling squid_kerb_auth which keytab to
use?
Do the user
We are getting some Win7 machines so I am migrating our ntlm setup
to Kerberos. Looking at Markus Moeller's kerb guide, I see that it
doesn't state how to control access after successful auth. Looking
online,
http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap
Whilst this relates to ISA I believe this is relevant to my question i.e.
Safari = No to Kerberos:
http://lists.apple.com/archives/client-management/2009/Nov/msg00032.html
Would be grateful to hear of any other experiences
thanks
Nickcx
--
View this message in context:
http://n4.nabble.com
tor 2011-01-20 klockan 01:26 +1300 skrev Amos Jeffries:
As you can see the browser is sending an NTLM handshake instead of the
Kerberos token. The current Squid auth system does not support
Negotiate/NTLM only Negotiate/Kerberos but has no way to tell IE8 that.
Technically Squid do not care
On ons, 2008-06-04 at 15:41 -0700, Alex Morken wrote:
Thank you Henrik. I kind of figured it needed something else, but I
wasn't sure what to put there. Where can I get or generate the
Kerberos GSSAPI blob I need for the input? I have been digging
around kerberos docs and haven't
Wladner Klimach wlad...@gmail.com wrote in message
news:cap3mw_fjxekwugsusqpnowq096nya-a+17+gbtk2sa2jdwu...@mail.gmail.com...
Hello,
i'm running squid with kerberos authentication. The problem is that
it's runing too slow. Looks like squid is negotiating with AD every
URL it tries to get
The computer-name has Windows Netbios limitations of 15 characters (see
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos )
That's it, it worked!!! Thank you Markus!
I reduced the length of the name to under 15 characters
(3MSYDPROXY01-K) and it works fine. I feel foolish
Hi,
I wrote two squid helper programs which are available at
http://squidkerbauth.sourceforge.net/
The first program is a Kerberos based authentication helper program and uses
the Proxy Negotiate header with SPNEGO/Kerberos tokens. It will be part of
future squid-2 releases.
The second help
tis 2007-06-12 klockan 19:47 +0100 skrev Markus Moeller:
I wrote two squid helper programs which are available at
http://squidkerbauth.sourceforge.net/
The first program is a Kerberos based authentication helper program and uses
the Proxy Negotiate header with SPNEGO/Kerberos tokens
Isnard, I think I have a problem with samba / winbind. I tried squid using the
squid_unix_group with the machine I´ve configured with Kerberos and it worked.
Now I configured samba on a testmachine that was unconfigured before and tried
wbinfo -g and I become error messages. So I think
Hello,
I am currently using Squid 3 with Samba 3 and NT4 using smb_auth basic. We
are upgrading our NT4 servers to Server 2003 with ADS and with no Kerberos
support. What authentication method can I use that does not use Kerberos
and still gives me the control of who has access to the internet
It is possible to use squid_ldap_auth with ADS, if thats OK with you.
Sunil
Jason Urkow [EMAIL PROTECTED] 07/06/04 09:47AM
Hello,
I am currently using Squid 3 with Samba 3 and NT4 using smb_auth basic.
We
are upgrading our NT4 servers to Server 2003 with ADS and with no
Kerberos
support
On 23/03/2012 11:58 p.m., JC Putter wrote:
Hi
I configured my proxy with kerberos authenitcation, when doing ntlm or basic
authentication only the username is logged. When using Keberos the realm is
added to the username (@EXAMPLE.COM)
Is it possible to strip this from the username using
On Dec 24, 2012 4:15 PM, Noc Phibee Telecom n...@phibee-telecom.net wrote:
Hi
If i want change my authentication process from NTLM/Samba to Kerberos,
what is the process for add a group check ?
Actually i use wbinfo_group.pl, but in kerberos, i can't start winbind
process.
what
Hi
I have successfully configured kerberos authentication in squid 3.1.10
using squid_kerb_auth helper and tested it in IE and Chrome on machine
joined to a Windows 2008 domain controller.
I took a look at squid's access.log and recognized that almost 40% of
the requests have failed on the first
fine when I was switching from no auth to NTLM, but not now
when I am switching to kerberos. I have created keytab for
HTTP/squid03.example@example.com and clients are authenticated fine
if their browsers are configured with squid03.example.com, but not with
proxy.example.com.
Is it possible
Good morning all.
I have been trying to get Kerberos with nltm fall back working for a
couple of days with limited success, and was wondering how to debug
the Kerberos end of things.
I can see a token getting to the server, running ktutil against the
keytab shows all expected spns, running
Hello,
I'm considering dropping the use of NTLM in favor of Kerberos
(auth_param negotiate) to authenticate users against my AD 2003
server. To do this, I would like to use the squid_kerb_auth program.
Prior starting my work on this, I was wondering what would happen for
users not currently
On Fri, Dec 11, 2009 at 4:17 PM, Robert Schenck robschenck...@gmail.com wrote:
There is almost nothing about Kerberos, and it has no mention of
password prompts...
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
http://wiki.squid-cache.org/Features/NegotiateAuthentication
deal
On Wed, Jan 13, 2010 at 3:03 PM, Olivier CALVANO o.calv...@gmail.com wrote:
Hi
I am search a good how to for add a Kerberos authentification at my Squid
Proxy.
Anyone have this ?
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
Actually, i use Squid with NTLM Auth, when
Hi Guido
OK, thank you for this answer.
I'm already using FireFox with W2K...and this works really fine.
Regards,
Tom
2010/7/1 Guido Serassio guido.seras...@acmeconsulting.it:
Hi,
Sorry, You cannot.
IE6 supports Kerberos Auth only for Web server authentication, not for proxy
Hi
I'm searching a way to authenticate IE6-clients with ntlm based on
group-membership and all other clients (IE7, IE8) with kerberos (also
group-membership-based).
I'm able to authenticate with kerberos AND group-membership
(squid_kerb_ldap), but the IE6-clients will then prompt
On Wed, 2 Nov 2011 15:52:05 +0200, Oguz Yilmaz wrote:
--
Oguz YILMAZ
On Wed, Nov 2, 2011 at 1:44 AM, Amos Jeffries squ...@treenet.co.nz
wrote:
snip
Firstly and most preferred is to move to Negotiate/Kerberos
authentication.
It is more than twice as efficient as NTLM and offers modern
On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
Hello,
i'm running squid with kerberos authentication. The problem is that
it's runing too slow. Looks like squid is negotiating with AD every
URL it tries to get. Anyone could point me a way out?
A few things:
* Double-check
On Fri, 5 Aug 2005, Garrett Stoupe wrote:
We are currently Using Active Directory and in the near future they will
want to do the authentication via Kerberos,
MSIE does not (yet?) support Kerberos to proxies, only NTLM. Firefox and
perhaps a few others do support this with some tinkering
lör 2006-03-18 klockan 10:12 +0530 skrev Logu:
Thanks for your response D.R. I would like to know what role does kerberos
play when authencating with ntlm scheme.
None. NTLM is the Windows NT authentication method, supported by Active
Directory in parallel to its Kerberos authentication
Somebody knows a module like squid_ldap_group with krb5/sasl bind
support instead simple?
Thanks!
--
DiegoWS
LANUX
Greetings,
Which versions of kerberos are compatible with ntlm authentication in squid
2.5? Up to now, I have compiled samba with kerberos 1.3.6, as more recent
versions appear to break ntlm authentication.
Running the command wbinfo -t after compiling samba with the newer kerberos
version
Hello,
I'm using squid_kerb_ldap (via external_acl_type) to authenticate via kerberos
and authorize access via ldap groups.
This seems to work. Partly anyway. My problem is:
Most of the traffic is authorized as shown in the access.log file which shows
GETs and CONNECTs using the respective
Amos,
Thank you for the reply, I see the -r switch is the one that does the trick.
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: 23 March 2012 01:12 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] strip Kerberos Realm
On 23/03/2012 11:58
On 3/04/2012 7:26 p.m., Anders.Larsson wrote:
Hi!
Im using at the moment ntlm to auth to AD, I got a test server that are using
Kerberos..
Now I want to change the prod machine to use Kerberos to.. is there a way to
have both auth directives in conf ?
Yes. Simply put them both in.
http
Can you check that the squid user has read access to the Kerberos keytab ?
Did you set the environment variable KRB5_KTNAME pointing to the Kerberos
keytab in the startup script ?
Markus
Navas vmna...@gmail.com wrote in message
news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
Hi,
I am
Hi
we search a expert for configure a squid with a Kerberos auth.
Commercial Prestation.
Best regards
Jerome
One partial answer to my own question: in the proxypac, ftp traffic
could be diverted to another proxy:
if (shExpMatch(url, ftp:*)) {
return PROXY otherproxy.mysite.ch:80;
}
On 17 April 2013 08:56, Sean Boran s...@boran.com wrote:
Hi,
Kerberos is authenticating http/s traffic for me
I am trying to set up kerberos authentication in the following environment:
Kerberos server: Windows 2008 R2 domain controller
Proxy OS: FreeBSD 9.2-RELEASE amd64
Squid version: squid-3.3.9
The problem is the fact that kerberos authentication sporadically starts
to work (no auth popups, cache
I forgot this link to an Example configuration:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
2010/4/8 Khaled Blah khaled.b...@googlemail.com:
Hi Bilal,
1. ktpass and msktutil practically do the same, they create keytabs
which include the keys that squid will need
BTW You do not need Administrator rights. You can set permission for
different Groups on OUs for example for Unix Kerberos Admins.
Markus
Khaled Blah khaled.b...@googlemail.com wrote in message
news:n2j4a3250ab1004080957id2f4a051xb31445428c62b...@mail.gmail.com...
Hi Bilal,
1. ktpass
squid_kerb-auth should work.
Markus
Ron Richardson rrichard...@liverpool.k12.ny.us wrote in message
news:fc.000f714603d9ae87000f714603d9ae87.3d9a...@liverpool.k12.ny.us...
Has anyone put Kerberos authentication into the MacPort of Squid? If so,
would you care to share how you did
Hi list,
does anybody know if there is any change to define a backup kerberos
authentication server?
Do I have to set anything in krb5.conf to support more than one AD server?
If I want to reboot the kerberos server squid should still be able to
authenticate.
Are there any hints?
Regards
Update:
First a correction, it should've been I know this information seems
rather limitedinstead of I know this information see.
I recompiled Squid with just Kerberos and still received the same error.
On Fri, Dec 11, 2009 at 9:58 AM, Robert Schenck robschenck...@gmail.com wrote:
Hello
Hello,
Rather than get ERROR: Cache Access Denied when non-authenticated
users connect to the proxy, I'd rather have Squid prompt with a log-in
box, allowing users to log in with their Kerberos credentials. Is this
in any way possible?
Thanks a ton.
Hi,
I solved the problem described in my mail Problem with kerberos against
AD:
I added the export of the variable KRB5_KTNAME to the file
/etc/profiles, now I added the export to the start-script of squid and
it works.
Kind Regards,
Ralf
Hi Amos,
Thanks for the reply, you have left me very confused, though. We are talking
about MIT's kerberos, right?
http://en.wikipedia.org/wiki/Kerberos_(protocol)
My understanding is that kerberos is a protocol for authentication, and other
directory services (like Mac OS X's OpenDirectory
tis 2010-05-18 klockan 20:00 +0100 skrev Markus Moeller:
BTW Would you be interested to include squid_kerb_ldap - my ldap
authorisation module with Kerberos authentication to an ldap server ?
Yes. Submissions are always welcome. Just post the merge request to
squid-dev.
Regards
Henrik
But then, in 2006, Henrik Nordstrom says[2] neither squid_ldap_group nor
squid_ldap_auth support Kerberos SSO. After the initial posting of the patch
in '04, I can't find any more references to it on the mailinglists.
See squid_kerb_ldap.
http://squidkerbauth.sourceforge.net/
jlc
Hi all,
I am trying to get my squid server to talk to AD. It seems there are two
ways of doing this . Squid - ldap - kerberos - ad or Squid - winbinds
- kerberos - ad.
Is there a prefered method or do both work the same?
Cheers,
Simon
Right now I'm running NTLM authentication with 2.6STABLE5 (Debian Etch).
Has anyone here switched over to Kerberos authentication in a Server
2003 domain? It seems fairly straightforward -- any pitfalls to avoid?
James ZuelowCBJ MIS (907)586-0236
Network Specialist
On Wed, 16 Feb 2011 23:03:55 -, Markus Moeller wrote:
But if I remember right 3.2 has a bug spawning the Kerberos helper.
Markus
Sort of, it asserts when merging two sets of credentials together from
parallel connections.
'm working on it.
Amos
On 30/04/11 20:13, Go Wow wrote:
When I run msktutil I get this line in the output.
krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
I did kinit before issuing msktutil and it ran successfully. I can see
tickets when I issue klist.
Tickets, klist and keytabs do
Hi,
I have two squids using NTLM auth against AD. Those squids are used by
client through a single A DNS entry (proxy.domain.tld) (so round robin).
I want to switch to kerberos, but I don't know what to create with
msktutil:
- two machines with same proxy.domain.tld UPN ?
- one machine used
On 23/9/2011 2:23 μμ, Markus Moeller wrote:
This now goes more into how to setup Windows clients ( Do I
understand right taht you use IE on XP or Windows 7) with MIT Kerberos.
Yes, I am using IE 8 and/or Firefox 6 on Windows XP with MIT Kerberos.
Therer are several guides for this like
proxy_auth Administrator@TEST.LOCAL administrator
Administrator@TEST.LOCAL works with kerberos
administrator works for ldap, but not for kerberos
any help will be appreciated :)
Good Morning,
I have a proxy squid on debian with kerberos authentication and it works fine.
I would create a cluster load balancing for 2/3 proxy squid.
In particular, the clients connect to the load balancer, that
redirects the request to one of the proxies.
These proxies will must authenticate
I enabled kerberos auth on an AD domain with a fallback to ldap basic
auth.
It seems that if someone use the proxy from another lan in another AD
domain on which I have no control, the basic auth is not used.
Is this understandable? Any way to work around this?
Hello,
i'm running squid with kerberos authentication. The problem is that
it's runing too slow. Looks like squid is negotiating with AD every
URL it tries to get. Anyone could point me a way out?
Best regards,
Wladner
Hi All,
is it possible to authenticate a squid (squid-2.6.STABLE6-4.el5) against
Active Directory without using Kerberos ?
I found this in the wiki
http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM?hig
hlight=%28%5EConfigExamples/%5B%5E/%5D%2A%24%29, but nothing without
Hi all,
I write a simple Howto for use kerberos to authenticate a user in
Active Directory and make authorization with Ldap also in AD using
group membership to control the access.
its at http://klaubert.wordpress.com
I hope that be useful to somebody,
Klaubert Herr
Excelent. I will try it. Thanks very much.
Hi all,
I write a simple Howto for use kerberos to authenticate a user in
Active Directory and make authorization with Ldap also in AD using
group membership to control the access.
its at http://klaubert.wordpress.com
I hope that be useful
In my opinion I don't need the NTLM stuff when I use the AD system
Is this correct ?
No. When a client does not recognize Kerberos (Win 9X, NT) it falls
back to NTLM
(My area of knowledge is MS, not Linux)
I think Squid will act like a MS client that dos not support Kerberos
ufdbGuard is an active fork of squidGuard.
ufdbGuard also does HTTPS probing for safer HTTPS traffic and has safesearch
enforcement.
On 03/23/2012 05:04 AM, JC Putter wrote:
Hi,
We are using squid with Kerberos authentication (AD). What is a good content
filter to use these days
On 3/23/2012 9:04 AM, JC Putter wrote:
Hi,
We are using squid with Kerberos authentication (AD). What is a good content
filter to use these days? Dansguardian seems to lack Kerberos support. Is
squidguard development is active?
:) my bit of salt is qlproxy
to
indicate you can specify it for the 'Kerberos' auth mechanism
(http://msdn.microsoft.com/en-us/library/cc246225%28v=prot.10%29.aspx)
Authentication is enabled at the outbound server, and it challenges Alice's
client. The server indicates support for NTLM and Kerberos in the challenge.
SIP/2.0 407 Proxy
not use mskutil. Is there any issue
with Kerberos and Samba.
OS: Redhat EL6.2
squid-3.1
Hiya,
Thnx for the fast reply, and yes, I did give it permission...
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Error-with-Squid-proxy-to-Kerberos-authentication-tp4656265p4656269.html
Sent from the Squid - Users mailing list archive at Nabble.com.
On Thu, Apr 25, 2013 at 10:50 PM, Jürgen Obermeyer sq...@oegym.de wrote:
My main idea is to try kerberos first, and if it fails, use basic
authentication. I don't understand why this works fine with Firefox, but not
with IE.
Based on what you wrote, I think the authentication that is working
...@mail.gmail.com...
Hi,
I have squid 3.2.8 with Kerberos auth.
Everything seems to work but why do some logs show the computer name
(user-pc$) instead of the username?
Thanks
Thanks Markus. I posted my error and the solution. Perhaps you didn't receive
the mail
A lot of thanks.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-with-2008-2003-DC-tp4659198p4659861.html
Sent from the Squid - Users mailing list archive
I think the BCP (best current practice) is to use, in sequence:
1) negotiate_wrapper configured with kerberos and ntlm
2) pure ntlm with ntlm_auth
3) one basic auth of your choice
Inserting those three methods in sequence on your squid.conf will do the job.
If you have problems with prompted
thx for your confirmation(i did the right. thing ). let us go back to my
issue. cld you pls help ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-proxy-kerberos-authentication-failure-Help-tp4663964p4663976.html
Sent from the Squid - Users mailing
Hi.
On 24.12.2013 20:39, Markus Moeller wrote:
Could you tell me which OS , kerberos, ldap and sasl version you use ?
It's
FreeBSD 10.0-BETA2 amd64
Heimdal Kerberos 1.5.2
cyrus-sasl 2.1.26
openldap-sasl-client-2.4.38
last two are from FreeBSD ports, -sasl- means it's compiled
Hi,
Today i am having error in squid cache.log error while initialising
credentials from keytab client not found in kerberos database squid.. My
clients that are authenticating through Active Directory fails to browse
internet on other hand IP Based access is working fine. Please help
a normal windows client will
behave when he connects to internet through MS ISA Proxy in a Active
Directory environment - which will not prompt username/password
because of the Kerberos) by using the kerberos to communicate with
the Win 2k3 Domain Controller.
2. Without any downtime.
Am i dreaming
Hi Markus,
If you have a Windows client and the proxy send WWW-Proxy-Authorize:
Negotiate the Windows client will try first to get a Kerberos ticket
and
if that succeeds sends a Negotiate response with a Kerberos token to
the
proxy.
If the Windows client fails to get a Kerberos ticket
and the proxy send WWW-Proxy-Authorize:
Negotiate the Windows client will try first to get a Kerberos ticket
and
if that succeeds sends a Negotiate response with a Kerberos token to
the
proxy.
If the Windows client fails to get a Kerberos ticket the client will
send
a Negotiate response with a NTLM token
Emmanuel Lesouef wrote:
Hello,
I'm currently satisfied with my round-robin DNS enabled cluster of
two Squid with ntlm authentication.
But, with th appearance of Windows 7 and Windows 2008, I see by
searching for documentation on the web that I need to use Kerberos
Authentication if I would
On Wed, 2 Mar 2011 13:58:04 +0100, Henickl Wolfgang wrote:
Hello,
I am looking for a solution of strange Problem. It seems that WinHTTP
Programs under Windows 7 tend to use Kerberos Authentication, instead
of
NTLM. The problem is, that I am working behind a Squid Proxy that is
only configured
On 23/9/2011 10:25 πμ, Markus Moeller wrote:
This is an incomplete Active Directory setup (or Kerberos if you don't
use AD).
Thanks Markus,
As you may have seen from earlier posts, I am using MIT Kerberos on
CentOS. I don't have Active Directory but I am using OpenLDAP which
serves
Hi,
Yes, it is even pretty easy to accomplish. We are using a dedicated
Loadbalancer (but you can of course use LVS as loadbalancer) which is
balancing proxy request to 8 squid instances on 4 different real
servers with Kerberos authentication. We are not using any cache
hierarchy, just 4
On Tue, 22 Nov 2011 15:34:53 +0100, Emmanuel Lacour wrote:
I enabled kerberos auth on an AD domain with a fallback to ldap basic
auth.
It seems that if someone use the proxy from another lan in another AD
domain on which I have no control, the basic auth is not used.
Is this understandable
Amos Jeffries squ...@treenet.co.nz wrote in message
news:a33f8edad2f5caa9757fe142bb456...@treenet.co.nz...
On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
Hello,
i'm running squid with kerberos authentication. The problem is that
it's runing too slow. Looks like squid
Hi,
At 01.54 13/10/2006, Chris Vaughan wrote:
Greetings,
Which versions of kerberos are compatible with ntlm authentication
in squid 2.5? Up to now, I have compiled samba with kerberos 1.3.6,
as more recent versions appear to break ntlm authentication.
There aren't any kind of relationship
Actually the issue turned out to concern the location permissions for ntlm_auth.
Chris Vaughan
-Original Message-
From: Chris Vaughan
Sent: Friday, 13 October 2006 9:55 AM
To: Squid-Users (squid-users@squid-cache.org)
Subject: newer kerberos breaks ntlm
Greetings,
Which versions
-windows platform, even when all it has
are KRB5 (or any other non MS specific) credentials.
The Negotiate scheme is SPNEGO by definition.
Native KRB5 is the Kerberos scheme..
But adding a native Kerberos interface to ntlm_auth would make sense as
well, much like it has a native NTLM interface
ons 2006-12-20 klockan 07:47 -0500 skrev Brian J. Murrell:
Hrm. Firefox seems to disagree, at least in it's implementation. Squid
sends Negotiate as the authentication mechanism and Firefox responds
with Kerberos.
The Negotiate HTTP scheme is defined by Internet RFC4559 SPNEGO-based
Dear Sirs,
I configured Squid 3.3.3 with Kerberos and NTLM authentication successfully.
When I enable only Kerberos authentication, domain computers browse
normally and there is no password required.
When I enable only NTLM authentication, domain computers also browse
normally
this question, one would need more information about your
network and your setup. Basically, mixing any other authentication
method with Kerberos is not a good idea. That's because if the other
method is insecure or less secure an attacker who gains access to a
user's credentials will be able
--kerberos kerberos-helper with args
example:
auth_param negotiate program /usr/sbin/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
/usr/sbin/squid_kerb_auth -d -s GSS_C_NO_NAME
Markus
Henickl Wolfgang wolfgang.heni...@apa.at wrote in message
,
You could try my new negotiate wrapper
http://sourceforge.net/projects/squidkerbauth/files/negotiate_wrapper/negotiate_wrapper-1.0.0/negotiate_wrapper-1.0.0.tar.gz/download
Usage:
auth_param negotiate program /usr/sbin/negotiate_wrapper [-d] --ntlm
ntlm-helper with args --kerberos kerberos
Hi,
I a m trying to authenticate users through kerberos on a windows 2003
server AD. Basically, I followed the klaubert tutorial [1], part on
Negotiate/kerberos authentication.
The kerberos stuff seems ok, I can get some tickets using kinit and
see them using klist.
The error message I get
Hello,
First: I'm an intern and know little of pretty much everything. Try to
explain the best you can, please!
I'm trying to set up Kerberos on a Squid proxy server (the server is
to allow access to ip-based content away from the intranet, so it will
be something like so: client -- internet
31 - 130 of 3482 matches
Mail list logo