RE: [squid-users] Re: Re: Squid Kerberos authentication error

From: Navas <vmnavas_at_gmail.com>
Date: Mon, 25 Jun 2012 17:29:09 +0400

It's not all creating keytab.

[root@lx work]# net ads keytab add HTTP -U administrator
Processing principals to add...
Enter administrator's password:

[root@lx work]# ktutil
ktutil: rkt /etc/krb5.keytab
rkt: Unsupported key table format version number while reading keytab "/etc/krb5.keytab"

No contents there at /etc/krb5.keytab

Thanks,

Br
abusam

-----Original Message-----
From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
Sent: Sunday, June 24, 2012 9:39 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Re: Re: Squid Kerberos authentication error

You can use samba to create the keytab, but you mustn't use any samba daemon
as the daemon will reset the key in AD after a predefined time and thereby
invalidate the key in your keytab.

Regards
Markus

"Navas" <vmnavas_at_gmail.com> wrote in message
news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com...
> One more thing: I am using Samba, I could not use msktutil. Is there any
> issue with Kerberos and Samba?
> OS: Redhat EL6.2
> squid-3.1
>
> thanks,
>
> -----Original Message-----
> From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
> Sent: Sunday, June 24, 2012 2:59 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: Squid Kerberos authentication error
>
> Can you check that the squid user has read access to the Kerberos keytab?
> Did you set the environment variable KRB5_KTNAME pointing to the
> Kerberos keytab in the startup script ?
>
> Markus
>
> "Navas" <vmnavas_at_gmail.com> wrote in message
> news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
>> Hi,
>> I am trying to set up squid to authenticate as AD with kerberos as
>> per the following document
>>
>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>
>> but I am getting following error in cache log,
>>
>> authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Unknown error'
>>
>> appreciated for your kind help ..
>>
>> thanks,
>>
>> abusam
>>
>>
>
>
>
>
Received on Mon Jun 25 2012 - 13:29:24 MDT
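
Added example, not part of the original thread or of Squid's own code: a small parser for the MIT keytab file layout (version bytes 0x05 0x02) that lists the principals in a keytab, so you can confirm that the file has a valid header and actually holds an HTTP/ entry before pointing KRB5_KTNAME at it. The function names are hypothetical, and the sample host, realm and all-zero key are constructed.

```python
import struct

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from MIT keytab bytes, format 0x0502."""
    if len(data) < 2:
        raise ValueError("no keytab version header (file empty or truncated)")
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version bytes: " + data[:2].hex())
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                       # deleted slot ("hole"): skip its bytes
            pos += -size
            continue
        rec, pos, off = data[pos:pos + size], pos + size, 2

        def text():                         # counted string: uint16 length + bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off].decode("utf-8", "replace")

        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm = text()
        name = "/".join(text() for _ in range(ncomp))
        # name type (4), timestamp (4), 8-bit kvno (1), enctype (2), key length (2)
        _, _, kvno, enctype, klen = struct.unpack_from(">IIBHH", rec, off)
        off += 13 + klen
        if len(rec) - off >= 4:             # optional 32-bit kvno replaces the 8-bit one
            (kvno32,) = struct.unpack_from(">I", rec, off)
            kvno = kvno32 or kvno
        entries.append((name + "@" + realm, kvno, enctype))
    return entries

def squid_principals(entries, service="HTTP"):
    """Entries usable for Negotiate on a proxy: <service>/host@REALM."""
    return [e for e in entries if e[0].startswith(service + "/")]

def sample_keytab():
    """Constructed sample: one HTTP/ entry, made-up host and realm, zero key."""
    s = lambda b: struct.pack(">H", len(b)) + b
    rec = (struct.pack(">H", 2) + s(b"EXAMPLE.LOCAL") + s(b"HTTP")
           + s(b"proxy.example.local") + struct.pack(">IIBH", 1, 0, 3, 18)
           + s(b"\x00" * 32) + struct.pack(">I", 3))
    return b"\x05\x02" + struct.pack(">i", len(rec)) + rec

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_keytab()
    for principal, kvno, enctype in parse_keytab(data):
        print(principal, "kvno", kvno, "enctype", enctype)
```

Run it as the squid user with the keytab path as the argument, so a missing read permission shows up as an error as well.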