Hello, I've recently managed to setup squid3.0 (STABLE8, on Debian Lenny) to authenticate requests via a Win2003 machine over Kerberos. It's working well with IE7 (on XP), but neither IE8 nor FF3.0 (both on Windows 7) will authenticate successfully. When I configure a squid_ldap_auth backup it will authenticate, but when I specify only negotiate it will fail miserably.
This is what I'm getting in cache.log: 2010/02/02 10:53:48| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid (length: 59). 2010/02/02 10:53:48| squid_kerb_auth: parseNegTokenInit failed with rc=101 2010/02/02 10:53:48| squid_kerb_auth: received type 1 NTLM token This puzzles me as I've setup network.negotiate-auth.trusted-uris in Firefox correctly (I've tried setting it to both domain.com and proxy.domain.com). Using kerbtray I don't appear to have any tickets for http/fqdn/realm.com. Should I have? Do I need to restart Windows? IE8 appears to prompt for Integrated Security but when I enter my credentials nothing happens. The same log entry above appears. Any help much appreciated. cheers Mike
