Hello there and sorry for sending this off-topic issue to FAI-mailing-list, but i got stuck since weeks and didn't find help in several forums, manpages, howtos, searchengines, ...
Does someone of you use GNU/Linux-GUI machines with Active Directory authentication? Could you please send me your iceweasel config? Authentication and kerberos (mounting server shares) works well for me, but I did not manage to get Iceweasel 38.5 working with kerberos. Internet access is routed over a http-proxy (squid on a virtual machine) that is configured to use kerberos. On Windows machines Firefox works with single sign on out of the box. No special ntlm, negotiate or proxy settings, just "use system settings". With Debian Jessie (using "use system settings", configured for Gnome and Bash) I have to enter username / pw every time. Saving user credentials is not an option because users home directorys have to be clean and are deleted after logout. Samba, winbind, pam and kerberos are configured like this: https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory I tried to configure iceweasel with this guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sso-config-firefox.html So I entered about:config and changed network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris to something like .WORK.company (with different case-(in-)sensitive writings, with(out) domaincontroller and so on). But it seems that iceweasel doesn't use kerberos at all (at least this is what I think after reading the logfiles) $ klist Ticket cache: FILE:/tmp/krb5cc_11000 Default principal: user@WORK.COMPANY Valid starting Expires Service principal 03.01.2016 15:57:41 04.01.2016 01:57:26 krbtgt/WORK.COMPANY@WORK.COMPANY renew until 10.01.2016 15:57:41 03.01.2016 15:57:41 04.01.2016 01:57:26 DEBIAN-HOST@WORK.COMPANY renew until 10.01.2016 15:57:41 03.01.2016 15:57:41 04.01.2016 01:57:26 ldap/companydc.work.company@WORK.COMPANY renew until 10.01.2016 15:57:41 03.01.2016 15:57:43 04.01.2016 01:57:26 cifs/companydc@WORK.COMPANY renew until 10.01.2016 15:57:41 $ export NSPR_LOG_MODULES=negotiateauth:5 $ export NSPR_LOG_FILE=/tmp/moz.log $ firefox $ cat moz.log abcd[xyz]: Writing to ntlm_auth: YR abcd[xyz]: Writing to ntlm_auth: YR Thanks a lot Christian Meyer BTW: Can anyone confirm that iceweasel is keeping connections open (to the proxy) and so letting it run out of memory? What are your settings to prevent this?
