Fuera del dominio no se puede con kerberos, precisamente estoy en eso.
------------AZUfre, Computer SolutionsEric Enrique Sedeño Estrada Send from my
Samsung Galaxy Note8
-------- Mensaje original --------De: Angel Luis Milan Paultre
<an...@occ.co.cu> Fecha: 22/9/20 3:32 PM (GMT-05:00) A: 'Lista cubana de
soporte técnico en Tecnologias Libres' <gutl-l@listas.jovenclub.cu> Asunto:
[Gutl-l] una mas de Kerberos + Squid
Buenas a todos Algunos de ustedes la logrado el funcionamiento de la
autenticación del Squid + Kerberos + AD pero con PC windows fueras del dominio
? existe la posibilidad ? Pues ya he tratado todas las formas y no lo logro
optengo en los log de la cache esto:
TlRMTVNTUAADAAAAGAAYAIYAAAAUARQBngAAAA4ADgBYAAAAEgASAGYAAAAOAA4AeAAAABAAEACyAQAAFYKI4gYBsR0AAAAP+ZWZeBN89j2TW7lQq+UWhlcASQBOADcAcwBwADEAbwBjAGMAXwBhAGQAbQBpAG4AVwBJAE4ANwBTAFAAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcVwo70grnfzT0nXMTaTUgAQEAAAAAAACaOd4yFpHWAVqabEnCafgzAAAAAAIACgBQAFIATwBYAFkAAQAKAFAAUgBPAFgAWQAEABIAbwBjAGMALgBjAG8ALgBjAHUAAwAeAHAAcgBvAHgAeQAuAG8AYwBjAC4AYwBvAC4AYwB1AAcACACaOd4yFpHWAQYABAACAAAACAAwADAAAAAAAAAAAQAAAAAgAABbVTOM9yBvf1fl+WiCTA0NMmooFq0enpXTo1fEsZqgZAoAEAAAAAAAAAAAAAAAAAAAAAAACQAoAEgAVABUAFAALwBwAHIAbwB4AHkALgBvAGMAYwAuAGMAbwAuAGMAdQAAAAAAAAAAAAAAAABrMnCWOyep4qQQ12R4gYIy'
from squid (length: 603).2020/09/22 15:25:58| negotiate_wrapper: Decode
'TlRMTVNTUAADAAAAGAAYAIYAAAAUARQBngAAAA4ADgBYAAAAEgASAGYAAAAOAA4AeAAAABAAEACyAQAAFYKI4gYBsR0AAAAP+ZWZeBN89j2TW7lQq+UWhlcASQBOADcAcwBwADEAbwBjAGMAXwBhAGQAbQBpAG4AVwBJAE4ANwBTAFAAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcVwo70grnfzT0nXMTaTUgAQEAAAAAAACaOd4yFpHWAVqabEnCafgzAAAAAAIACgBQAFIATwBYAFkAAQAKAFAAUgBPAFgAWQAEABIAbwBjAGMALgBjAG8ALgBjAHUAAwAeAHAAcgBvAHgAeQAuAG8AYwBjAC4AYwBvAC4AYwB1AAcACACaOd4yFpHWAQYABAACAAAACAAwADAAAAAAAAAAAQAAAAAgAABbVTOM9yBvf1fl+WiCTA0NMmooFq0enpXTo1fEsZqgZAoAEAAAAAAAAAAAAAAAAAAAAAAACQAoAEgAVABUAFAALwBwAHIAbwB4AHkALgBvAGMAYwAuAGMAbwAuAGMAdQAAAAAAAAAAAAAAAABrMnCWOyep4qQQ12R4gYIy'
(decoded length: 450).2020/09/22 15:25:58| negotiate_wrapper: received type 3
NTLM token2020/09/22 15:25:58| negotiate_wrapper: Return 'BH
NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL'2020/09/22 15:25:58 kid1| ERROR:
Negotiate Authentication validating user. Result: {result=BH, notes={message:
NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}2020/09/22 15:26:14|
negotiate_wrapper: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid (length:
59).2020/09/22 15:26:14| negotiate_wrapper: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded length:
42).2020/09/22 15:26:14| negotiate_wrapper: received type 1 NTLM
token2020/09/22 15:26:14| negotiate_wrapper: Return 'TT
TlRMTVNTUAACAAAACgAKADgAAAAVgoriBUENC90r8ocAAAAAAAAAAGQAZABCAAAABgEAAAAAAA9QAFIATwBYAFkAAgAKAFAAUgBPAFgAWQABAAoAUABSAE8AWABZAAQAEgBvAGMAYwAuAGMAbwAuAGMAdQADAB4AcAByAG8AeAB5AC4AbwBjAGMALgBjAG8ALgBjAHUABwAIALqhlzwWkdYBAAAAAA==
Necesito alguno orientación, probe inclusive sin negotiate_wrapper y lo
mismo, 2020/09/22 15:29:54 kid1| ERROR: Negotiate Authentication validating
user. Result: {result=BH, notes={message: received type 1 NTLM token;
}}2020/09/22 15:29:58 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: received type 1 NTLM token; }} Creo que
debe haber alguna forma porque las estaciones Windows lo logran cuando una PC
no esta en el dominio simplemente piden el USer y la clave de un usuario del
dominio y listo, autentican.. Alguna idea de por donde encontrar la solución??
saludos_______________________________________________
Gutl-l mailing list -- gutl-l@listas.jovenclub.cu
To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu
