Hi Alex,
The test you do is not a valid test for the Kerberos authentication
helper. The input is a Kerberos token which you can create with the tool
provided by issuing:
kinit user@DOMAIN
and
./squid_kerb_auth_test squid-fqdn
Token:
Hi Markus
Sorry yes you were right, it was DNS.
In our environment we are running two DNS servers. One using MS DNS
and the other using unix BIND. The linux server was added to the unix
DNS (with name proxy1.domain.com) but not to the MS DNS which was
authority for ad.domain.com. Now that I think
BTW Which squid_kerb_auth version do you use ?
Markus
Umesh Bodalina u.bodal...@gmail.com wrote in message
news:c3b47c041001160337k68a1313g1863689383a15...@mail.gmail.com...
Hi
When I tried
./squid_kerb_auth_test proxy1
or
./squid_kerb_auth_test proxy1.domain.com
I got
2010/01/16 12:31:47|
Hi
Using squid_kerb_auth-1.0.5 for the testing.
For the /usr/local/squid/libexec/squid_kerb_auth
used the compile version from squid-2.7.STABLE7.
Regards
Umesh
2010/1/16 Markus Moeller hua...@moeller.plus.com:
BTW Which squid_kerb_auth version do you use ?
Markus
Umesh Bodalina
Hi,
I'm new to this. I've run the following command on the server:
ldapsearch -L -x -D aduser -w password -h domainfqdn -p 389 -b
OU=name,DC=domain,DC=com serviceprincipalname=HTTP/f...@realm
and get
#
# LDAPv3
# base OU=name,DC=domain,DC=com with scope subtree
# filter:
Can you check with an ldap query (e.g. with ldapadmin from sourceforge) or
search with a filter (serviceprincipalname=HTTP/f...@realm) if you have
duplicate entries ?
This kinit -k -t /etc/squid/squid.keytab HTTP/f...@realm.kerberos will only
work if the userprincipal name is
Markus Moeller wrote:
Can you use kerbtray on the client ( it is available as part of the
support tools or resource tools). I suspect that your ticket has
expired. The ticket will usually be renewed when you lock/unlock your
screen or access a share. XP should also renew when IE accesses a web
Can you use kerbtray on the client ( it is available as part of the support
tools or resource tools). I suspect that your ticket has expired. The ticket
will usually be renewed when you lock/unlock your screen or access a share.
XP should also renew when IE accesses a web server or proxy with