Moeller
Cc: squid-us...@squid-cache.org
Subject: Re: [squid-users] Kerberos Authentication Failing for Windows 7+ with
BH gss_accept_sec_context() failed
Hi Markus Moeller,
Hi Markus,
Yeah, I'm currently using that option and permissions are correct too.
On 27 Oct 2014 19:47, Markus Mo
Victor Sudakov wrote:
>
> However, I am eager to know what could be causing such weird tickets
> to be issued, but I think only a Windows expert can tell. After all,
> the key in the tickets is correct, only the principal name is changed.
> I only suspect that the name is changed when the client s
Markus Moeller wrote:
> Hi Pedro,
>
> I looked at your captures and I observed something similar to
> Victor???s issue. I see KRB5KRB_AP_ERR_MODIFIED and then the
> use of the name of the AD object (e.g. proxy$) instead of
> HTTP/.
Dear Pedro,
If it is so as Markus wrote, th
Hi Markus,
Thanks for all your help. I'll do some more testing on monday and I'll let you
know how it goes. Hopefully it'll be working as expected once having removed
the unused AD servers and sorting out and sync issues.
Cheers and have a great weekend!
Pedro
On 1 Nov 2014, at 13:11, Markus M
Hi Pedro,
I looked at your captures and I observed something similar to Victor’s
issue. I see KRB5KRB_AP_ERR_MODIFIED and then the use of the name of the AD
object (e.g. proxy$) instead of HTTP/. I also see that you have
more than one AD server and I assume there is a sync problem betwe
Thanks Jon,
If it had never worked on Windows 7, then I could possibly see that as being an
issue, but the fact that it's worked and then a couple if days later stopped,
leads me to believe that is not the issue here.
Thanks anyway for your input.
Cheers,
Pedro
On 28 Oct 2014, at 1:17, John M
14.04 to know whether the patch is
> included in the later versions.
>
>
>
> Regards
>
>
>
> Paul
>
>
>
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of Pedro Lobo
> Sent: Tuesday, 28 October 2014 7:26 AM
> To
lto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of Pedro Lobo
> Sent: Tuesday, 28 October 2014 7:26 AM
> To: Markus Moeller
> Cc: squid-us...@squid-cache.org
> Subject: Re: [squid-users] Kerberos Authentication Failing for Windows 7+
> with BH gss_accept_sec_context() fa
Hi Markus,
When I get in to the office tomorrow, I'll do that and send you the .cap file.
Thanks for all the help so far.
Pedro Lobo
> On 27 Oct 2014, at 20:53, Markus Moeller wrote:
>
> Hi Pedro,
>
>Can you capture the traffic from one Windows 7 on XP client on port 88 (
> just afte
Hi Pedro,
Can you capture the traffic from one Windows 7 on XP client on port 88 (
just after the login before access a website via squid until successful or
unsuccessful accessing the website) using wireshark ? Send me the .cap files
to check.
Markus
"Pedro Lobo" wrote in message
news
Hi Markus Moeller,
Hi Markus,
Yeah, I'm currently using that option and permissions are correct too. ___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi Pedro,
Did you try the –s GSS_C_NO_NAME option ?
Markus
"Pedro Lobo" wrote in message
news:94f74226-f24b-4910-95b7-b86ace815...@gmail.com...
Hey Everybody,
Seems as though I celebrated too soon on Saturday. Today things are back to not
working for Windows 7+ machines and XP/2003 machin
Hey Everybody,
Seems as though I celebrated too soon on Saturday. Today things are back to not
working for Windows 7+ machines and XP/2003 machines are working just fine.
I've also checked the permissions on the keytab file and they haven't changed
since Saturday, so it's not that... ARGH
Hi Markus,
Yeah, it seemed so at the time. I tested with the same user on a Windows 7 and
2003 server. Worked fine on one and not the other. Since correcting permissions
on the keytab file it's working fine on both. Could also be a total coincidence
honestly. I've tried so many things I lost tr
Hi Pedro,
Good to know you solved it. From your post it sounded like XP worked and
Win 7 didn’t
Markus
"Pedro Lobo" wrote in message
news:75991cae-5f10-4635-b012-d372c27f8...@gmail.com...
Hi Markus,
I initially had it configured as such and changed it to auth_param negotiate
program /
Hi Markus,
I initially had it configured as such and changed it to `auth_param negotiate
program /usr/lib/squid3/negotiate_kerberos_auth -d -r -s
HTTP/proxy01tst.fake.net` as a troubleshooting step. I've since then changed it
back. Dan pointed out earlier that it could be a permissions problem,
Hi Pedro,
I wonder if he upper case in the name is a problem. Can you try
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d -r -s
GSS_C_NO_NAME
instead of
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d -r -s
HTTP/proxy01tst.fake.net
Markus
"
Hi Dan,
Well now I feel incredibly stupid!!! Just checked and it seems something
must've changed the permissions on my keytab file (I did mention it was working
at one time). For some odd reason, although squid user and group both owned the
key tab file, only user had read permissions. I haven'
I was recently receiving this (incredibly vague) error. Turns out my squid user
didn’t have permission to read the keytab.
On Sat, Oct 25, 2014 at 8:37 PM, Pedro Lobo wrote:
> Hi Markus,
> I used msktutil to create the keytab.
> msktutil -c -s HTTP/proxy01tst.fake.net -h proxy01tst.fake.n
Hi Carlos,
Yeah, the Windows 7 machine is part of the domain. As for basic auth, I'll look
into setting that up too, although we were hoping to forgo it entirely.
On 25 Oct 2014, at 3:00, Carlos Defoe wrote:
> Windows 7 inside the domain?
>
> Anyway, you should configure a basic auth scheme as
Hi Markus,
I used msktutil to create the keytab.
msktutil -c -s HTTP/proxy01tst.fake.net -h proxy01tst.fake.net -k
/etc/squid3/PROXY.keytab --computer-name proxy01-tst --upn
HTTP/proxy01tst.fake.net --server srv01.fake.net --verbose
Output of klist -ekt:
2 10/24/2014 22:59:50
Windows 7 inside the domain?
Anyway, you should configure a basic auth scheme as a second fallback.
On Fri, Oct 24, 2014 at 9:26 PM, Markus Moeller
wrote:
> Hi Pedro,
>
> How did you create your keytab ? What does klist –ekt show
> ( I assume you use MIT Kerberos) ?
>
> Markus
>
> "Pedro
Hi Pedro,
How did you create your keytab ? What does klist –ekt show ( I
assume you use MIT Kerberos) ?
Markus
"Pedro Lobo" wrote in message
news:40e1e0e7-50c6-4117-94aa-50b065734...@gmail.com...
Hi Squid Gurus,
I'm at my wit's end and in dire need of some squid expertise.
We've got a pr
Hi Squid Gurus,
I'm at my wit's end and in dire need of some squid expertise.
We've got a production environment with a couple of squid 2.7 servers
using NTLM and basic authentication. Recently though, we decided to
upgrade and I'm now setting up squid 3.3 with Kerberos and NTLM
Fallback. I'v
24 matches
Mail list logo