Hello,
I'm trying to set up squid_kerb_auth but I'm stuck on a problem with msktutil.
I've downloaded msktutil_0.3.16-7_amd64.deb and installed it with its
dependencies: libsasl2-modules-gssapi-mit, libgssapi-krb5-2, libkrb53.
Then I tried to run msktutil from the Squid website examples:
root@proxy:~# kinit administrator
Password for administrator@BANK.LOCAL:
root@proxy:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@BANK.LOCAL
Valid starting     Expires            Service principal
04/14/11 18:59:02  04/15/11 04:59:07  krbtgt/BANK.LOCAL@BANK.LOCAL
        renew until 04/15/11 18:59:02
root@proxy:~# msktutil -c -b "CN=COMPUTERS" -s HTTP/proxy.bank.local -h proxy.bank.local -k /etc/squid3/HTTP.keytab --computer-name squid-http --upn HTTP/proxy.bank.local --server dc.bank.local --verbose --enctypes 28
-- init_password: Wiping the computer password structure
-- finalize_exec: Determining user principal name
-- finalize_exec: User Principal Name is: HTTP/proxy.bank.local@BANK.LOCAL
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.mskt-1550krb5.conf
-- get_krb5_context: Creating Kerberos Context
-- try_machine_keytab: Using the local credential cache: /tmp/.mskt-1550krb5_ccache
-- try_machine_keytab: krb5_get_init_creds_keytab failed (No such file or directory)
-- try_machine_keytab: Unable to authenticate using the local keytab
-- ldap_connect: ldap_connect calling try_ldap_connect
-- try_ldap_connect: Connecting to LDAP server: dc.bank.local try_tls=YES
-- try_ldap_connect: Connecting to LDAP server: dc.bank.local try_tls=NO
SASL/GSSAPI authentication started
Error: ldap_sasl_interactive_bind_s failed 4 (Local error)
Error: ldap_connect failed
-- krb5_cleanup: Destroying Kerberos Context
-- ldap_cleanup: Disconnecting from LDAP server
-- init_password: Wiping the computer password structure
And I'm stuck. I'm not sure, but AFAIK I've received the same error
(ldap_sasl_...) on CentOS 5.6 with msktutil from RPM.
AD is on Win2008R2.
Any ideas why it doesn't work? I remember that in Feb 2011, in my
first tests with krb and msktutil (CentOS 5.5 + 2008R2), all was OK.
Regards
Rafal
Received on Thu Apr 14 2011 - 17:02:06 MDT