RE: [squid-users] Re: Re: Squid Kerberos authentication error

From: Navas <vmnavas_at_gmail.com>
Date: Tue, 26 Jun 2012 09:27:48 +0400

I could solve the issue by creating keytabs within the MS server and
exported to Linux machine and is working fine with msktutils itself...
Still do not find out the reason for not created it in Linux machine !

-----Original Message-----
From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
Sent: Sunday, June 24, 2012 9:39 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Re: Re: Squid Kerberos authentication error

You can use samba to create the keytab, but you mustn't use any samba daemon
as the daemon will reset the key in AD after a predefined time and thereby
invalidate the key in your keytab.

Regards
Markus

"Navas" <vmnavas_at_gmail.com> wrote in message
news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com...
> One more thing I am using Samba, I could not use mskutil. Is there any
> issue with Kerberos and Samba.
> OS: Redhat EL6.2
> squid-3.1
>
> thanks,
>
> -----Original Message-----
> From: Markus Moeller [mailto:huaraz_at_moeller.plus.com]
> Sent: Sunday, June 24, 2012 2:59 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: Squid Kerberos authentication error
>
> Can you check that the squid user has read access to the Kerberos keytab ?
> Did you set the environment variable KRB5_KTNAME pointing to the
> Kerberos keytab in the startup script ?
>
> Markus
>
> "Navas" <vmnavas_at_gmail.com> wrote in message
> news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
>> Hi,
>> I am trying to setup squid to authenticate as AD with kerberos as
>> per the following document
>>
>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive
>> D
>> irecto
>> ry
>>
>> but I am getting following error in cache log,
>>
>> authenticateNegotiateHandleReply: Error validating user via Negotiate.
>> Error
>> returned 'BH gss_acquire_cred() failed: Unspecified GSS failure.
>> Minor code may provide more information. Unknown error'
>>
>> appreciated for your kind help ..
>>
>> thanks,
>>
>> abusam
>>
>>
>
>
>
>
Received on Tue Jun 26 2012 - 05:28:04 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 26 2012 - 12:00:04 MDT