[squid-users] Re: Help me configure Kerberos Authentication from Go Wow on 2011-04-30 (squid-users)

From: Go Wow <gowows_at_gmail.com>
Date: Sat, 30 Apr 2011 12:13:28 +0400

When I run msktutil I get this line in the output.

krb5_get_init_creds_keytab failed (Client not found in Kerberos database)

I did kinit before issuing msktutil and it ran successfully. I can see
tickets when I issue klist.

On 30 April 2011 10:43, Go Wow <gowows_at_gmail.com> wrote:
> Hi,
>
> I'm trying to configure Kerberos Authentication for squid. I'm
> running Squid 3.1.12 and Windows 2008 R2 SP2. I have followed the
> kerberos authentication guide on squid-cache and many other guides, I
> always end up with these logs in my cache.log. My client browser keeps
> prompting for username/password. Even a valid set of credentials are
> not accepted.
>
> 2011/04/30 10:24:32| squid_kerb_auth: WARNING: received type 1 NTLM token
> 2011/04/30 10:24:32| authenticateNegotiateHandleReply: Error
> validating user via Negotiate. Error returned 'BH received type 1 NTLM
> token'
> 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Got 'YR
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
> (length: 59).
> 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Decode
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' (decoded
> length: 40).
> 2011/04/30 10:24:36| squid_kerb_auth: WARNING: received type 1 NTLM token
> 2011/04/30 10:24:36| authenticateNegotiateHandleReply: Error
> validating user via Negotiate. Error returned 'BH received type 1 NTLM
> token'
> 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Got 'YR
> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
> (length: 59).
> 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Decode
> 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' (decoded
> length: 40).
> 2011/04/30 10:24:36| squid_kerb_auth: WARNING: received type 1 NTLM token
> 2011/04/30 10:24:36| authenticateNegotiateHandleReply: Error
> validating user via Negotiate. Error returned 'BH received type 1 NTLM
> token'
>
>
> I want to check and make sure my keytab entries are good. How do I do
> that? My client System can list the tickets for client principal.
>
> Please have a look at my krb5.conf & keytab file here
> http://pastebin.com/vTBr3r5D
>
> I'm using this command to create the keytab file.
> msktutil -c -b "CN=COMPUTERS" -s HTTP/proxyserver.orangegroup.com -h
> proxyserver.orangegroup.com -k /etc/krb5.keytab --computer-name
> proxyserver-http --upn HTTP/proxyserver.orangegroup.com --server
> ad01.orangegroup.com --verbose
>
> All the domains are resolving properly to IPs.
>
> Thanks for your help.
>
Received on Sat Apr 30 2011 - 08:13:35 MDT

This archive was generated by hypermail 2.2.0 : Sat Apr 30 2011 - 12:00:04 MDT