Hi again, just for documentation: I figured out what the problem was. According to the previously mentioned configuration example [1] one can use these encryption modes inside /etc/krb5.conf:
> ; for Windows 2003 > > default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md > default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md > permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 or > ; for Windows 2008 with AES > > default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 Actually, if you use the old method (without aes and --enctypes 28), you only can use the IP adress for your squid server instead of a DNS name. Btw: One shouldn't use the old method if it's not needed - at least for security reasons. [1] http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory Best, Schinken --- Backspace e.V. http://hackerspace-bamberg.de mail: schin...@hackerspace-bamberg.de xmpp: schin...@tai-wahn.de (otr) GPG: FFB7 E40D B2DD D24C C9B7 B5C5 703C F8B8 882C 871E
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
