[squid-users] msktutil on Debian Squeeze

From: Rafal Zawierta <zawierta_at_gmail.com>
Date: Thu, 14 Apr 2011 19:02:06 +0200

Hello,

I'm trying to set up squid_kerb_auth but I'm stuck on a problem with msktutil.

I've downloaded msktutil_0.3.16-7_amd64.deb and installed with
dependencies: libsasl2-modules-gssapi-mit, libgssapi-krb5-2, libkrb53.

Then I try to run msktutil from the Squid website examples:

root@proxy:~# kinit administrator
Password for administrator@BANK.LOCAL:
root@proxy:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@BANK.LOCAL

Valid starting     Expires            Service principal
04/14/11 18:59:02  04/15/11 04:59:07  krbtgt/BANK.LOCAL@BANK.LOCAL
        renew until 04/15/11 18:59:02
root@proxy:~# msktutil -c -b "CN=COMPUTERS" -s HTTP/proxy.bank.local
-h proxy.bank.local -k /etc/squid3/HTTP.keytab --computer-name
squid-http --upn HTTP/proxy.bank.local --server dc.bank.local
--verbose --enctypes 28
 -- init_password: Wiping the computer password structure
 -- finalize_exec: Determining user principal name
 -- finalize_exec: User Principal Name is: HTTP/proxy.bank.local@BANK.LOCAL
 -- create_fake_krb5_conf: Created a fake krb5.conf file:
/tmp/.mskt-1550krb5.conf
 -- get_krb5_context: Creating Kerberos Context
 -- try_machine_keytab: Using the local credential cache:
/tmp/.mskt-1550krb5_ccache
 -- try_machine_keytab: krb5_get_init_creds_keytab failed (No such
file or directory)
 -- try_machine_keytab: Unable to authenticate using the local keytab
 -- ldap_connect: ldap_connect calling try_ldap_connect

 -- try_ldap_connect: Connecting to LDAP server: dc.bank.local try_tls=YES
 -- try_ldap_connect: Connecting to LDAP server: dc.bank.local try_tls=NO
SASL/GSSAPI authentication started
Error: ldap_sasl_interactive_bind_s failed 4 (Local error)
Error: ldap_connect failed
 -- krb5_cleanup: Destroying Kerberos Context
 -- ldap_cleanup: Disconnecting from LDAP server
 -- init_password: Wiping the computer password structure

And I'm stuck. I'm not sure, but AFAIK I received the same error
(ldap_sasl_...) on CentOS 5.6 with msktutil from RPM.

AD is on win2008R2.

Any ideas why it doesn't work? I remember that in Feb 2011, in my
first tests with krb and msktutil (CentOS 5.5 + 2008R2), all was OK.

Regards
Rafal
Received on Thu Apr 14 2011 - 17:02:06 MDT
