Re: [squid-users] Re: Squid Kerberos authentication error

From: <vmnavas_at_gmail.com>
Date: Sun, 24 Jun 2012 19:12:54 +0000

The problem is nothing is writing in to my keytab file
------Original Message------
From: Mohamed Navas
To: 'sichent'
To: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Re: Squid Kerberos authentication error
Sent: 24 Jun 2012 9:24 PM

Hi,

When applying the command, net ads keytab add HTTP -U administrator
One warning:-
Warning: "kerberos method" must be set to a keytab method to use keytab
functions.
====================================================================
Also see below:-
[root_at_lx hooks]# ktutil
ktutil: rkt /etc/krb5.keytab
rkt: Unsupported key table format version number while reading keytab
"/etc/krb5.keytab"
ktutil:

cat /etc/krb5.conf
=================
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = SYSNET.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 default_keytab_name = /etc/krb5.keytab
; for Windows 2003
# default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
 # default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
 # permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
      default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
      default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
      permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5

; for MIT/Heimdal kdc no need to restrict encryption type

[realms]
 SYSNET.LOCAL = {
  kdc = dc1.sysnet.local
  admin_server = dc1.sysnet.local
  kdc = 192.168.15.40
 }

[domain_realm]
 .sysnet.local = SYSNET.LOCAL
 sysnet.local = SYSNET.LOCAL

-----Original Message-----
From: sichent [mailto:sichent_at_mail.ru]
Sent: Sunday, June 24, 2012 7:57 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Re: Squid Kerberos authentication error

Hi,

May be this is of any help? (it uses centos 6 and ad 2008 and samba NOT
mskutils)

http://www.howtoforge.com/web-filtering-on-squid-3-with-quintolabs-content
-security-1.4-and-windows-active-directory-integration

On 24.06.2012 15:06, Navas wrote:
> One more thing I am using Samba, I could not use mskutil. Is there any
> issue with Kerberos and Samba.
> OS: Redhat EL6.2
> squid-3.1
>


Sent from my BlackBerry® smartphone from du
Received on Sun Jun 24 2012 - 19:13:02 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 25 2012 - 12:00:03 MDT