Hi,
I have setup the squid authentication with windows 2003 Domain
controller. But it's working well with NTLM, but failed with kerberso
..getting following error:-
=====================================================================
2012/07/02 15:07:17| squid_kerb_auth: ERROR: gss_accept_sec_context()
failed: Unspecified GSS failure. Minor code may provide more
information.
2012/07/02 15:07:17| negotiate_wrapper: Return 'BH
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
may provide more information.
'
2012/07/02 15:07:17| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
may provide more information
=======================================================================
mr krb5.conf file is:-
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DXBPET.SYSNET.ROOT
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
#default_keytab_name = /etc/squid/HTTP.keytab
#allow_weak_crypto = yes
; for Windows 2003
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
[realms]
DXBPET.DUBAIPETROLEUM.ROOT = {
kdc = dxbjadc12.dxbpet.sysnet.root
admin_server = dxbjadc12.dxbpet.sysnet.root
kdc = 10.97.8.122
}
[domain_realm]
.dxbpet.sysnet.root = DXBPET.SYSNET.ROOT
dxbpet.sysnet.root = DXBPET.SYSNET.ROOT
Received on Mon Jul 02 2012 - 11:32:44 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 03 2012 - 12:00:02 MDT