[squid-users] Kerberos with 2008/2003 DC

From: SPG <spggps8.2_at_gmail.com>
Date: Mon, 25 Mar 2013 01:32:02 -0700 (PDT)

Hi,

I have a domain with 2008 and 2003 DCs. If I generate a keytab on Windows 2008
it only works with 2008 servers, and if I generate a keytab with 2003 it does not
work with 2008 or 2003. An example of the error in the last case:

[root@proxyprueba ~]# kinit -V -k -t /etc/squid/.keytab proxyprueba.xxx.xxx
Using default cache: /tmp/krb5cc_0
Using principal: proxyprueba.xxx.xxx@XXX.XXX
Using keytab: /etc/squid/.keytab
kinit: Client not found in Kerberos database while getting initial credentials

I use ktpass to generate the ticket:

C:\>ktpass -princ HTTP/srvproxy.sertecin.local@SERTECIN.LOCAL -mapuser sertecin\srvproxy -pass admin1234 -crypto rc4-hmac-nt -ptype krb5_nt_principal -out squid.keytab

Can I generate a keytab for 2008 and 2003 DCs and XP/7 clients?
If so, does the keytab work with squid_krb_auth?
Is NTLM my only option?

[root@proxyprueba ~]# more /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb/krb5libs.log
 kdc = FILE:/var/log/krb/krb5kdc.log
 admin_server = FILE:/var/log/krb/kadmind.log

[libdefaults]
 default_realm = XXX.XXX
  default_tgs_enctypes = rc4-hmac
  default_tkt_enctypes = rc4-hmac

[realms]
 ABG.CORP = {
  default_domain = xxx.xxx
; kdc = srv-valdc01.xxx.xxx:88
  kdc = srv-valdc02.xxx.xxx:88 --> dc site for clients login W2003
  admin_server = srv-valdc02.xxx.xxx:749
 }

[domain_realm]
 xxx.xxx = XXX.XXX
 .xxx.xxx = XXX.XXX

Many thanks

Received on Mon Mar 25 2013 - 08:32:04 MDT
