Squid itself seems to run fine, I can browse through it.Then my goal to use kerberos authentication fails with the error above.

validating user via ntlm-34validating user via ntlm-3

Validating user via ntlm windows clients not updating dns

Is there anybody out there who can help me troubleshoot this problem?

I found tutorials where the keytab file is created on the windows server but that's not necessary if I use the msktutil, right? I'v been trying to get this to work for some time now.

Regards Markus "Lieven" Hello Markus, Sorry for my slow reaction.

1) I did a klist on the squid server and got this ticket: squid3-proxy:/var/log/squid-3.1.3# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [hidden email] Valid starting Expires Service principal 05/09/10 05/10/10 krbtgt/[hidden email] renew until 05/10/10 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached = Do I have to renew this ticket from the server everyday?

Dear list, I have currently a problem where it seems that my clients, webbrowsers firefox 3.5 and IE8 only seem to return NTLM tokens as authentication instead of kerberos. squid_kerb_auth: WARNING: received type 1 NTLM token authenticate Negotiate Handle Reply: Error validating user via Negotiate. squid has been configured like this: ./configure --enable-negotiate-auth-helpers=squid_kerb_auth --enable-stacktraces --prefix=/opt/squid-3.1.3 make and make install went fine.

the squid box is a cleanly installed debian lenny i386.

I thought that I only needed this ticket once to get my squid server into the AD domain with the msktutil?

in my krb5I have the following info in my realm: kdc = admin_server = these are the libdefaults: [libdefaults] default_realm = DOMAIN.

LOCAL dns_lookup_kdc = no dns_lookup_realm = no default_keytab_name = /etc/HTTP.keytab ticket_lifetime = 24h the /etc/HTTP.keytab file is like this: -rw-r----- 1 squid squid 532 2010-05-05 /etc/HTTP.keytab squid is running as user "squid" First I got a kerberos ticket with: kinit administrator I can see a krbtgt ticket with klist.