[squid-users] Unable to create keytab Msktutil ldap_set_option failed (local errror)

From: GIGO . <gigoz_at_msn.com>
Date: Thu, 15 Apr 2010 14:05:14 +0000

Dear All,
 
Once again i failed to properly create keytab. Following is the detail of how i performed this task
 
step No 1: i changed my krb5.conf file as follows;

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
 default_realm = V.LOCAL
 dns_lookup_realm = no
 dns_lookup_kdc = no
 ticket_lifetime = 24h
 forwardable = yes
 default_keytab_name= /etc/krb5.keytab

; for windows 2003
 default_tgs_enctypes= rc4-hmac des-cbc-crc des-cbc-md5
 default_tkt_enctypes= rc4-hmac des-cbc-crc des-cbc-md5
 permitted_enctypes= rc4-hmac des-cbc-crc des-cbc-md5
 
[realms]
 V.LOCAL = {
  kdc = vdc.v.local:88
  admin_server = vdc.v.local:749
  default_domain = v.local
  }
 
[domain_realm]
.linux.home = V.LOCAL
 .v.local=V.LOCAL
 v.local=V.LOCAL

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
 
Step 2:
i tried to create the keytab as follows:
kinit administrator_at_V.LOCAL
 
msktutil -c -b "CN=COMPUTERS" -s HTTP/vdc.v.local -h squidLhrTest.v.local -k /etc/squid/HTTP.keytab --computer-name squid-http --upn HTTP/vdc.v.local --server vdc.v.local --verbose
 
However the following error:
 
SASL/GSSAPI authentication started
Error: ldap_set_option failed (Local error)
Error: ldap_connect failed
 -- krb5_cleanup: Destroying Kerberos Context
 -- ldap_cleanup: Disconnecting from LDAP server
 -- init_password: Wiping the computer password structure

 
My other settings are as follows:
 
 
/etc/resolv.conf
nameserver 10.1.82.51
# 10.1.82.51 is my domain controller and DNS server
 
/etc/hosts file
 
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 squidLhrTest localhost.localdomain localhost
10.1.82.52 squidLhrTest.v.local
::1 localhost6.localdomain6 localhost6
however running the hostname --fqdn shows squidLhrTest only....
 
 
 
Please help me out and guide.
 
regards,
 
Bilal Aslam
 
 
 
 

                                                
_________________________________________________________________
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969
Received on Thu Apr 15 2010 - 14:06:03 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 15 2010 - 12:00:04 MDT