Hi,
We´re working on a substitution of an ISA by a SQUID server. The problem is that we have more than 8.000 users and the authentication is based on a Microsoft AD, so we intend to use kerberos authentication to have a better perfomance.
We´re using a CentOS 5 with all patches installed. A squid rpm from Martin Nagy, squid-3.0.stable7-1.el5.
After the configuration based on Klaubert´s howto, http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/ our user can´t be authenticated. Messages in cache log says:
2008/09/11 16:20:00| squid_kerb_auth: Got 'YR YIIGBQYGKwYBBQUCoIIF+TCCBfWgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBcsEggXHYIIFwwYJKoZIhvcSAQICAQBuggWyMIIFrqADAgEFoQMCAQ6iBwMFACAAAACjggTNYYIEyTCCBMWgAwIBBaEaGxhSRURFQ0FNQVJBLkNBTUFSQS5HT1YuQlKiMTAvoAMCAQKhKDAmGwRIVFRQGx5zcXVpZC5yZWRlY2FtYXJhLmNhbWFyYS5nb3YuYnKjggRtMIIEaaADAgEXoQMCAQWiggRbBIIEV5Qm2NMy0gKKYtuKMx9T12WKM24qutQRoxsSas4vjjo+NnezSCPp6KqjT1MZpLX9YnAshwpqWmWx+jW4ciP9s2Mn9MQkRPbCfmwtQi8/toSCp7X7uXMivLTKgT0ecuaYibQyuIuSopRINZnZ5Cv5r2uG2DFyO97NuzOTfDAcSXPKWvJa6zUwwcMXGA3xDX3ZG35iXTEmXm1FTDZ8pN1xSEDaFWlxTbh8y8GhIy1XJ17hIu68+MXuwYka7Gey/Ll1rv+bCh4Takzwgl1k0FIrYlHRyvZB38g1I5Z+RKrZZj/E6jjXwGJSOAK4oTGcDUl7gdrfNtzZgu/wxwgn669V7f6724xEoPb1Gm3RUhCIEstN2BI9NKAFUSAdEoC30ax/bXDQrELiq30wgQywd9LzON+r0IwqCDiMWdwA5u8NZcVSLuhvd2bpvP5+Xh/8jH4L4A+d30NrUmM3hnWHIMfLi6n6gyOVEpurlAFrNMDz7YdaXugak2mZfHBYJHcsn+h1YFzo5p1r2UrYZ7Hu6pe8MOTKZCwxmG3QfYYhDIZk9UVa8zkzMCfwAjuxUmmLlwgXmPdPnmPs6mDi35MaF4BDyeDiaxmRhSOlj6ouNJUnLFDw3JofTU5EVayXxMC6EIKn3PdtEQf/sdHuD6lO/AS5q7pnLC/wzN/j4q1YzA5i2m4Gr5sZgaR/Idl28jGpyAO4hjaA2I2P+K4v9HDw4u46u0ULOwbFIIEiBw4O858hsVCtEqhDPnPRG8FgKgm+dVragUhxRpvwzoLXAx4CZzxXxtdCmw1APMf3N75InpLUTu+cmB6Jenf8ItG+pqySmnkJrtvjqClVpkfskomBvk9WHYyFLymzqgrWKFRbSVdkaW31ZtsfuMNGvp8t8Pn6bgkPgc6tFpnrYXek6MiGxnRVjCaWkNO2YKSEen71NxeAvlCKwXOgNBhdQTsl4EohQYMs6R4TDkqBa76Ct5VCas2QxcQPhZXweqHKFVLM6FGjlshwiNeIPlw4dpLuI69QrBimDGfgzdKES5pWll1uP9BO/s6ZAKu/+nAShzTIHNah7yO93XUIJyAe+upQ74Df+9vak1/bRJ5h0YZ0TFHVDL/modfD9LGk0Y+JSe8ZB1bOAbp8Ihyd/0dXnzFUk3YY8m8SCRADrcrUR2L8PogRYkaZ4vyp/wYqje8JvrQW9QTGvR7iWfyTddcZw6Cn6wJOWD2QexlJbGfF0m1Y+koHs4rIM3qbIqXKtSi3Ridv5s3nhLQdO3+rmnQcOYDHusmoXHXkfbvrK/rEMZq3YWCEJxKdIYMcn4GXy7ETT2MeIcl0ru736f0a/cPZAhcmYhGiztrHABssUjkLX8GFJjd25SWiEF5uAgbclb1fP+kEcaP5o+Tb35q41us5bdjp8nnFyyMq8dTxU6ZhxC005XHBXz03OzDbK9NFVxnunR0zTdw9pBpeFbh4OlL7Qa/Y1GUUhZ3VRiPpSqFnzPKkgccwgcSgAwIBF6KBvASBuaYouu2CHeCrcwba+doecIQim1G9hP6lhmHEXsNylD5wv7M0yKz6Rez+wRZ9Tv+yh37B55dyeCrkd8vU+TWou7lyq7ABvVsYY+0wwaLDs94ENrUm1QTGI/bIA+aynl+gnFsqwrNFAN0q3psNb0LqInleHut9/v/Pj66EHxAC20CemdCK8yW9hhlhhF3YLTvT6ZXzk7+o8iavL4ijQQwy1Lk3qdP5rzUDhBaGb8SndDP3/f/Jv8kmOHQY' from squid (length: 2063).
2008/09/11 16:20:00| squid_kerb_auth: parseNegTokenInit failed with rc=102
2008/09/11 16:20:00| squid_kerb_auth: gss_acquire_cred() failed: An invalid name was supplied. Configuration file does not specify default realm
2008/09/11 16:20:00| squid_kerb_auth: User not authenticated
Questions:
1- Does anyone have squid_kerb_auth working with CentOS 5 and Windows 2003 AD serve?
2- Should we use kerberos authentication or NTLM is ok (based on the number of clients)?
Any help is appreciated.
Best regards,
Conrado
_________________________________________________________________
Conheça o Windows Live Spaces, a rede de relacionamentos do Messenger!
http://www.amigosdomessenger.com.br/
Received on Thu Sep 11 2008 - 19:42:49 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 12 2008 - 12:00:03 MDT