Re: [squid-users] Re: Re: Squid Kerberos authentication error

From: <vmnavas_at_gmail.com>
Date: Tue, 26 Jun 2012 10:07:41 +0000

Now it's working in all browsers but not in IE with Windows XP. My Active Directory is on Windows 2003.

------Original Message------
From: Mohamed Navas
To: 'Markus Moeller'
To: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Re: Re: Squid Kerberos authentication error
Sent: 26 Jun 2012 9:27 AM

I could solve the issue by creating the keytabs on the MS server and
exporting them to the Linux machine, and it is working fine with msktutil itself...
I still have not found out the reason they were not created on the Linux machine!

-----Original Message-----
From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
Sent: Sunday, June 24, 2012 9:39 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Re: Re: Squid Kerberos authentication error

You can use samba to create the keytab, but you mustn't use any samba
daemon as the daemon will reset the key in AD after a predefined time and
thereby invalidate the key in your keytab.

Regards
Markus

"Navas" <vmnavas_at_gmail.com> wrote in message
news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com...
> One more thing: I am using Samba; I could not use msktutil. Is there any
> issue with Kerberos and Samba?
> OS: Redhat EL6.2
> squid-3.1
>
> thanks,
>
> -----Original Message-----
> From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
> Sent: Sunday, June 24, 2012 2:59 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: Squid Kerberos authentication error
>
> Can you check that the squid user has read access to the Kerberos keytab?
> Did you set the environment variable KRB5_KTNAME pointing to the
> Kerberos keytab in the startup script?
>
> Markus
>
> "Navas" <vmnavas_at_gmail.com> wrote in message
> news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
>> Hi,
>> I am trying to set up Squid to authenticate as AD with Kerberos as
>> per the following document:
>>
>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>
>> but I am getting the following error in the cache log:
>>
>> authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Unknown error'
>>
>> Your kind help is appreciated.
>>
>> thanks,
>>
>> abusam
>>
>>
>
>
>
>


Sent from my BlackBerry® smartphone from du
Received on Tue Jun 26 2012 - 10:07:54 MDT
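
The two checks asked about earlier in the thread (keytab readable by the Squid account, KRB5_KTNAME set in the startup script) can be scripted. This is an added shell example, not part of the original messages; the keytab and startup-script paths are arguments you supply, and the file-magic, world-readable and export checks go beyond what the thread mentions.

```shell
#!/bin/sh
# Added example, not from the thread. Run as the account Squid runs under.
# Usage: check_keytab KEYTAB STARTUP_SCRIPT   (both paths supplied by you)
check_keytab() {
    kt=$1; script=$2; rc=0

    # 1. Read access for the current account (first question in the thread).
    if [ ! -r "$kt" ]; then
        echo "FAIL: $kt missing or not readable by $(id -un)"
        return 1
    fi

    # 2. Keytab files begin with byte 0x05 and a format version (01 or 02).
    magic=$(od -An -tx1 -N2 "$kt" | tr -d ' \n')
    case $magic in
        0501|0502) ;;
        *) echo "FAIL: $kt is not a keytab (first bytes: $magic)"; rc=1 ;;
    esac

    # 3. The file holds the service's long-term key; flag world-readable mode.
    if [ -n "$(find "$kt" -prune -perm -004)" ]; then
        echo "FAIL: $kt is world-readable"; rc=1
    fi

    # 4. KRB5_KTNAME must be assigned to this file (second question)...
    val=$(sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}KRB5_KTNAME=//p' \
          "$script" | tail -n 1 | tr -d "\"'")
    val=${val#FILE:}
    if [ "$val" != "$kt" ]; then
        echo "FAIL: KRB5_KTNAME in $script is '${val:-unset}', expected $kt"; rc=1
    fi
    # ...and exported, otherwise the helper process never sees it.
    if ! grep -Eq '^[[:space:]]*export[[:space:]]+(.*[[:space:]])?KRB5_KTNAME' "$script"; then
        echo "FAIL: KRB5_KTNAME is not exported in $script"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $kt passes all checks"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_keytab "$1" "$2"; fi
```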

This archive was generated by hypermail 2.2.0 : Wed Jun 27 2012 - 12:00:04 MDT