Hello Markus,
Sorry for my slow reaction.
1) I did a klist on the squid server and got this ticket:
squid3-proxy:/var/log/squid-3.1.3# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DOMAIN.LOCAL
Valid starting Expires Service principal
05/09/10 14:35:00 05/10/10 00:34:04 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
renew until 05/10/10 14:35:00
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
=> Do I have to renew this ticket from the server every day? I thought that I only needed this ticket once to get my squid server into the AD domain with msktutil?
2) I installed the kerbtray tool from the Windows 2003 tools on my XP PC. My XP PC is connected via a Windows VPN for this test; I log on with my domain credentials and connecting to the VPN works fine. As soon as I try to connect to a site via the squid3-proxy server, I get one ticket in kerbtray.
This is the only ticket I have in the list:
krbtgt/DOMAIN.LOCAL for the client principal: bait@DOMAIN.LOCAL
the service name is: krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
target name is: krbtgt/DOMAIN@DOMAIN.LOCAL
flags: forwardable, renewable, preauthenticated, initial
encryption types: ticket encryption type: etype 18 and key encryption type: etype 0
Regarding DNS, I double-checked and A and PTR lookups are OK from the client.
3) When I open a site in my Firefox browser on the client, where I put the FQDN as proxy server name, I see the following in the cache.log on squid:
2010/05/09 14:59:03| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59).
2010/05/09 14:59:03| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded length: 40).
2010/05/09 14:59:03| squid_kerb_auth: WARNING: received type 1 NTLM token
2010/05/09 14:59:03| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'
2010/05/09 14:59:04| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59).
2010/05/09 14:59:04| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' (decoded length: 40).
2010/05/09 14:59:04| squid_kerb_auth: WARNING: received type 1 NTLM token
2010/05/09 14:59:04| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'
4) It seems that WinPcap 4.1, which I installed on my client, is not able to scan the PPP interface which I use to connect to the Windows VPN.
I will send a dump from that traffic as soon as I have access to a PC at the location (non-VPN).
How do I add a dump from wireshark?
I got a tcpdump on the squid server which I opened in Wireshark and then exported as a plaintext file (all captured traffic, 49 packets), but it's quite large (about 917 lines).
Thanks for your help.
Kind regards,
Lieven
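Added diagnostic for the cache.log lines above (my own example, not part of Lieven's mail or of Squid's code): it decodes the base64 token that squid_kerb_auth logged and reports which mechanism the client actually sent in the Negotiate header, so an NTLM fallback can be told apart from a real SPNEGO/Kerberos token. The token is taken from the log line; the 'YR' prefix is the helper protocol marker and is not part of it.

```python
import base64
import struct

# Token copied from the squid_kerb_auth DEBUG line in the mail above.
LOG_TOKEN = "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=="

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
NTLMSSP_NEGOTIATE_VERSION = 0x02000000
# DER-encoded OIDs: 1.3.6.1.5.5.2 (SPNEGO) and 1.2.840.113554.1.2.2 (Kerberos 5)
SPNEGO_OID = bytes.fromhex("06062b0601050502")
KRB5_OID = bytes.fromhex("06092a864886f712010202")


def classify_negotiate_token(b64: str) -> dict:
    """Classify a base64 token from a 'Proxy-Authorization: Negotiate' header."""
    raw = base64.b64decode(b64)
    info = {"length": len(raw)}
    if raw.startswith(NTLMSSP_SIGNATURE):
        # NTLM messages: 8-byte signature, then MessageType and (for type 1)
        # NegotiateFlags, both little-endian 32-bit.
        msg_type, flags = struct.unpack_from("<II", raw, 8)
        info.update(mechanism="NTLM", message_type=msg_type,
                    message_name=NTLM_TYPES.get(msg_type, "UNKNOWN"),
                    flags=flags)
        # A NEGOTIATE message carries an 8-byte Version field at offset 32
        # when NTLMSSP_NEGOTIATE_VERSION is set: major, minor, build, ...
        if msg_type == 1 and flags & NTLMSSP_NEGOTIATE_VERSION and len(raw) >= 40:
            major, minor, build = struct.unpack_from("<BBH", raw, 32)
            info["client_os_version"] = f"{major}.{minor}.{build}"
        return info
    if raw[:1] == b"\x60":
        # GSS-API InitialContextToken: 0x60 <length> <mech OID> <inner token>
        if SPNEGO_OID in raw[:16]:
            info["mechanism"] = "SPNEGO (Kerberos expected inside)"
        elif KRB5_OID in raw[:16]:
            info["mechanism"] = "Kerberos 5"
        else:
            info["mechanism"] = "GSS-API (unknown mech)"
        return info
    info["mechanism"] = "unrecognised"
    return info


if __name__ == "__main__":
    for key, value in classify_negotiate_token(LOG_TOKEN).items():
        print(f"{key}: {value:#010x}" if key == "flags" else f"{key}: {value}")
```

For the logged token this reports an NTLM type 1 (NEGOTIATE) message from a 5.1.2600 client, i.e. the XP box never obtained a Kerberos service ticket for the proxy's SPN and fell back to NTLM, which squid_kerb_auth rejects by design.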
Received on Sun May 09 2010 - 13:48:24 MDT
This archive was generated by hypermail 2.2.0 : Sun May 09 2010 - 12:00:04 MDT