Allgemein

Another Kerberos error in Cache.log on Squid server

During my configuration of an Squid Proxy Server on Ubuntu in conjunction with Kerberos and Active Directory I encountered another error in the cache.log of the Squid Server: ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown error; }} The reason for this error was the loopback address (127.0.0.1) for the current host in the hosts file in /etc/hosts. The entry in the hosts file was like this: 127.0.0.1 squid.contoso.com I changed the entry to the real IP address of the Ubuntu Server: 192.168.1.250 squid.contoso.com After the chang I restarted the Server and...
Allgemein

Kerberos authentication error in cache.log on Squid server

I configured Kerberos authentication for a Squid proxy server on Ubuntu in an Active Directory domain. During my tests I got the following error in the cache.log: ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information. No key table entry found matching HTTP/squid@; }} The reason for this error was a wrong entry in the hosts (/etc/hosts) file on the Ubuntu server. The entry for the server was missing the domain part. So the file contained 192.168.1.40 squid instead of 192.168.1.250 squid.contoso.com I added the domain part to the entry and restarted...
Allgemein

Kinit error on Ubuntu server

I configured Squid Proxy in conjunction with Kerberos authentication in an  Active Directory Domain. During my Tests I used kinit to check my Kerberos ticket on the Ubuntu Server and got the following error message: kinit: Client not found in Kerberos database while getting initial credentials The reason was two identical SPNs (Service Principal Names) in the Active Directory. To find them I checked the Active Directory for double SPNs with the setspn command and the -x parameter: setspn -x This command checks the Active Directory for identical SPNs and list them. The command showed me two entries for my...
Allgemein

NTLM authentication error in Squid cache.log

Recently I configured Squid as Proxy Server with NTLM authentication in an Active Directory Domain. As I started to use the Proxy Server in conjunction with my browser an authentication pop up appeared all of the time and I was not able to Access the Internet. I checked the Cache.log of the Squid Server and found the following error message: GENSEC login failed: NT_STATUS_UNSUCCESSFUL ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }} The cause of this Problem was a bug in the Samba version described in this bug Report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754339 The pipe of the winbind daemon was created in the wrong Directory...