Univention Bugzilla – Bug 31972
add gss-spnego (kerberos) support to squid_ldap_ntlm_auth
Last modified: 2014-01-08 11:11:29 CET
The changes here should be merged to UCS 3.2 +++ This bug was initially created as a clone of Bug #31967 +++ We should gss-spnego (kerberos) support to squid_ldap_ntlm_auth than we activate squid negotiate: # auth negotiate auth_param negotiate program /usr/lib/squid3/squid_ldap_ntlm_auth --debug --gss-spnego auth_param negotiate children 10 Linux user with a keberos ticket than can authenticate to the squid server without a password prompt. Windows user with a ticket (samba4) also Windows user without a ticket (samba3) can also authenticate without a password because then windows does ntlm over negotiate.
OK, QA, see Bug #31967
*** Bug 26296 has been marked as a duplicate of this bug. ***
Verified: * Continues to work after update to ucs3.2-0 * Changelog OK Test was set up on a Samba4 DC with: ucr set repository/online/unmaintained='yes'; ucr set squid/krb5auth=yes; univention-install univention-squid-kerberos; univention-run-join-scripts;
UCS 3.2 has been released: http://docs.univention.de/release-notes-3.2-en.html http://docs.univention.de/release-notes-3.2-de.html If this error occurs again, please use "Clone This Bug".