[squid-users] Re: Re: Re: Squid Kerberos authentication error

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Mon, 25 Jun 2012 21:54:16 +0100

I usually use msktutil and I only know from samba what is documented here
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Create_keytab

Markus

"Navas" <vmnavas_at_gmail.com> wrote in message
news:034901cd52d6$82b3c1b0$881b4510$@gmail.com...
> It's not all creating keytab.
>
> [root_at_lx work]# net ads keytab add HTTP -U administrator
> Processing principals to add...
> Enter administrator's password:
>
> [root_at_lx work]# ktutil
> ktutil: rkt /etc/krb5.keytab
> rkt: Unsupported key table format version number while reading keytab
> "/etc/krb5.keytab"
>
> No contents there at /etc/krb5.keytab
>
> Thanks,
>
> Br
> abusam
>
> -----Original Message-----
> From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
> Sent: Sunday, June 24, 2012 9:39 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: Re: Squid Kerberos authentication error
>
> You can use samba to create the keytab, but you mustn't use any samba
> daemon
> as the daemon will reset the key in AD after a predefined time and thereby
> invalidate the key in your keytab.
>
> Regards
> Markus
>
>
> "Navas" <vmnavas_at_gmail.com> wrote in message
> news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com...
>> One more thing I am using Samba, I could not use mskutil. Is there any
>> issue with Kerberos and Samba.
>> OS: Redhat EL6.2
>> squid-3.1
>>
>> thanks,
>>
>> -----Original Message-----
>> From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
>> Sent: Sunday, June 24, 2012 2:59 PM
>> To: squid-users_at_squid-cache.org
>> Subject: [squid-users] Re: Squid Kerberos authentication error
>>
>> Can you check that the squid user has read access to the Kerberos keytab
>> ?
>> Did you set the environment variable KRB5_KTNAME pointing to the
>> Kerberos keytab in the startup script ?
>>
>> Markus
>>
>> "Navas" <vmnavas_at_gmail.com> wrote in message
>> news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
>>> Hi,
>>> I am trying to setup squid to authenticate as AD with kerberos as
>>> per the following document
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive
>>> D
>>> irecto
>>> ry
>>>
>>> but I am getting following error in cache log,
>>>
>>> authenticateNegotiateHandleReply: Error validating user via Negotiate.
>>> Error
>>> returned 'BH gss_acquire_cred() failed: Unspecified GSS failure.
>>> Minor code may provide more information. Unknown error'
>>>
>>> appreciated for your kind help ..
>>>
>>> thanks,
>>>
>>> abusam
>>>
>>>
>>
>>
>>
>>
>
>
>
>
Received on Mon Jun 25 2012 - 20:54:39 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 26 2012 - 12:00:04 MDT