I would just like to add more info.
squid_kerb_auth debug in cache.log shows that Squid in the IE case got 2x Got/Decode/AF (even though Wireshark says that IE requested and got a ticket from the AD server 3 times?) while in the Chrome case once.
On the test Fedora setup, where everything works fine, I get one debug Got/Decode/AF series as expected.
--- On Tue, 9/21/10, Aleksandar Ciric <aciric79_at_yahoo.com> wrote:
> From: Aleksandar Ciric <aciric79_at_yahoo.com>
> Subject: [squid-users] Squid 3.1.6, Kerberos and strange browser auth behavior
> To: squid-users_at_squid-cache.org
> Date: Tuesday, September 21, 2010, 5:52 AM
> Hello,
>
> I have a Gentoo server with 3.1.6 Squid. I have setup
> Kerberos authentication with our AD server that works
> correctly when accessed from domain member computer.
> However when I access it from (fully updated) Windows XP
> computer that is not a member of a domain I get a prompt in
> IE8, I fill the prompt but have to acknowledge it 3 times in
> a row until I am granted access. Wireshark shows that IE8
> successfully goes through AS-REQ/AS-REP TGS-REQ/TGS-REP on
> each prompt acknowledgement. It sends same ticket (according
> to version number) along with GET request but is let through
> only on 3rd attempt.
>
> Chrome behaves a bit differently, it goes through
> AS-REQ/AS-REP TGS-REQ/TGS-REP only once, but only upon
> hitting refresh 3rd time (on 3rd GET) it gets through (as
> with IE, it does send ticket on first 2 GETs too).
>
> Firefox doesn't even get to try it, it as other browsers
> tries NTLM on startup but gives up upon failure and doesn't
> switch to Kerberos, however it works fine when user is
> logged in with domain credentials.
>
> I have similar working test setup on Fedora 10, with 3.0.22
> Squid and there is no such behavior noticed, so it can't be
> the client's fault. (same config setting both for Kerberos
> and Squid, same AD). It actually runs on my desktop machine
> while Gentoo one is VM on VMware Infrastructure. Both
> machines are similar specs, VM one being even faster (3GHz
> XEON with 2GB RAM).
> I am puzzled as to what might be reason for this behavior,
> any help would be more than welcome?
>
> Cira
Received on Tue Sep 21 2010 - 14:59:37 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 21 2010 - 12:00:03 MDT