Jeames Bone

Reputation: 564

Squid kerberos authentication

I am running a Squid proxy server (CentOS 5) that I am trying to get working with Kerberos through our AD server (Windows Server 2008).

I have followed the instructions here: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos to set up a keytab for the server, which has all worked perfectly.

The problem occurs when I attempt to use the proxy from a client PC, where it immediately falls back to basic authentication.

If I use the IP address of the proxy I receive this message in cache.log:

authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'

If I use the domain name of the proxy I receive this message in cache.log:

authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Configuration file does not specify default realm'

If I run klist on the client it has a ticket for the proxy server listed.

Thanks in advance!

Upvotes: 0

Views: 6109

Answers (1)

user1639764

Reputation: 91

You need to specify the SPN in the helper inside squid.conf with -s http/fqdn@REALM

Upvotes: 0
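The first cache.log error in the question ("received type 1 NTLM token") means the client put an NTLM message, not a Kerberos ticket, in its Negotiate header. As an added example (not part of the original posts or of Squid), this Python sketch classifies a captured `Proxy-Authorization` value so you can confirm which one the client sent; the function names and both sample tokens are constructed for illustration, and the check is a byte-pattern heuristic rather than a full ASN.1 parser.

```python
import base64
import struct

# DER-encoded mechanism OIDs that appear near the start of a GSS-API token.
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10

def classify_negotiate(header_value):
    """Return a short label for a 'Negotiate <base64>' header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not blob:
        return "not-negotiate"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid-base64"
    # Raw NTLMSSP: 8-byte signature, then a little-endian message type.
    if token.startswith(b"NTLMSSP\x00") and len(token) >= 12:
        return "raw-ntlm-type-%d" % struct.unpack_from("<I", token, 8)[0]
    # 0x60 is the ASN.1 [APPLICATION 0] tag of a GSS-API initial token.
    if token[:1] == b"\x60":
        head = token[:128]  # mechanism OIDs sit in the first bytes
        if OID_SPNEGO in head:
            if OID_KRB5 in head or OID_MS_KRB5 in head:
                return "spnego-kerberos"
            if OID_NTLMSSP in head:
                return "spnego-ntlm-only"
            return "spnego-unknown-mech"
        if OID_KRB5 in head:
            return "raw-kerberos"
    return "unknown"

def make_header(raw):
    return "Negotiate " + base64.b64encode(raw).decode("ascii")

# Constructed samples: an NTLM type 1 message and the first bytes of a
# SPNEGO NegTokenInit that lists Kerberos (no real ticket is included).
SAMPLE_NTLM = make_header(b"NTLMSSP\x00" + struct.pack("<II", 1, 0x00088207) + bytes(16))
SAMPLE_KRB = make_header(b"\x60\x1b" + OID_SPNEGO
                         + b"\xa0\x11\x30\x0f\xa0\x0d\x30\x0b" + OID_KRB5)

if __name__ == "__main__":
    for name, value in (("ntlm", SAMPLE_NTLM), ("kerberos", SAMPLE_KRB)):
        print(name, "->", classify_negotiate(value))
```

A `raw-ntlm-type-1` result corresponds to the error the question reports when the proxy is addressed by IP address.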
