On 17/11/2015 3:19 a.m., Eugene M. Zheganin wrote: > Hi. > > On 16.11.2015 18:46, dolson wrote: >> >> Squid Version: Squid 3.4.8 >> >> OS Version: Debian 8 (8.2) >> >> I have installed Squid on a server using Debian 8 and seem to have the >> basics >> operating, at least when I start the squid service, I have am no longer >> getting any error messages. At this time, the goal is to authenticate users >> from Active Directory and log the user and the websites they are accessing. >> >> The problem I am having is, when I set Firefox 35.0.1 on my Windows 7 >> workstation to use the Squid proxy, I am getting the log in page (image >> below). >> >> imap://e...@mail.norma.perm.ru:143/fetch%3EUID%3E/INBOX/maillists/squid-users%3E58459?header=quotebody&part=1.1.2&filename=image001.png >> >> I have tried entering my user name in various form EXAMPLE/USERID, USERID, >> EXAMPLE/ADMINISTRATOR, ADMINISTRATOR and the password and I have not had a >> successful at this time. >> >> I have attached the squid.conf, smb.conf, krb5.conf, and access.log files >> for >> review. If you would like to see the cache.log file, please contact me as >> the >> file is too large to include in this post. >> >> > I suggest you first make Basic and NTLM working with active directory, and > only > then, having these 2 schemes working, you move to the GSS-SPNEGO scheme. This > is > because GSS-SPNEGO scheme is overcomplicated and difficult to debug, as it > uses > lots of components and can fall apart easily on any stage. >
I suggest also using a current Firefox release. I am finding the 4x's series work a lot better than the earlier 3x's did on Windows 7. Kerberos also uses the USER@DOMAIN format for user labeling. Sending it Basic USERID) or NTLM (DOMAIN/USERID) formatted labels may be the problem. Kerberos and NTLM are both PITA protocols. But NTLM makes everything worse. If you are able to avoid using it at all and to actively turn NTLM off around your network the Kerberos side of things will work better. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
