Hi Markus,
I built a new Centos server at version 6.5 and redo all the configuration on
the new server in the same way.
Magic happened: everything is working now.
Thank you very much for your help and guidance.
--
View this message in context:
Hi Marcus,
Please see my current /etc/init.d/squid file. I had added your suggested
content.
[root@proxy01 ~]# cd /etc/init.d/
[root@proxy01 init.d]# more squid
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
hi Markus,
Please see the below. I just temporally change access control of keytab
file. Still no lucky
[root@proxy01 squid]# ls -al
total 76
drwxr-xr-x. 2 root root 4096 Dec 23 14:24 .
drwxr-xr-x. 105 root root 12288 Dec 24 11:18 ..
-rw-r--r--. 1 root squid 419 Oct 1 23:40
Hi Markus,
Firstly, Thank you very much and Merry Christmas!!!
Tried as your suggestion.
But still no lucky.
The logs as below:
2013/12/23 14:27:47| squid_kerb_auth: DEBUG: Got 'YR
Hi,
I am working to enable kerberos authentication for Squid proxy.
My environment is as below:
DC: dc1.deeplayer.com (windows 2008 r2 domain level 2003) IP 10.1.1.91
Squid proxy: centos 6.4 IP 10.1.1.97
Client: windows xp sp3, IE8 IP 10.1.1.211
I have followed the guide at
HI Markus,
Thank you very much!
Sorry that I read the capture wrongly.
Looks like the KVNO version and encryption type match between the client XP
PC and squid proxy.
http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4663966/03.png
[root@proxy01 squid]# klist -ekt squid.keytab
Keytab
Hi,
BTW, below is the latest alert log
== /var/log/squid/cache.log ==
2013/12/22 08:39:39| squid_kerb_auth: DEBUG: Got 'YR
TlRMTVNTUAABt4II4gAFASgKDw==' from squid
(length: 59).
2013/12/22 08:39:39| squid_kerb_auth: DEBUG: Decode
Hi Markus,
As suggested, I perform a packet capture by wireshark on proxy client.
I can get the TGS-REP packet with no error. The ticket KVNO (version 15)and
encryption type (RC4-hmac)match proxy end.
Please see the below:
latest log:
2013/12/22 12:26:24| squid_kerb_auth: ERROR: gss_acquire_cred() failed:
Unspecified GSS failure. Minor code may provide more information.
2013/12/22 12:26:24| squid_kerb_auth: INFO: User not authenticated
2013/12/22 12:26:24| authenticateNegotiateHandleReply: Error validating user
Hi Markus.
my proxy hostname is
[root@proxy01 squid]# hostname -f
proxy01.deeplayer.com
I use the CLI below to create the keytab.
msktutil -c -b CN=COMPUTERS -s HTTP/proxy02.deeplayer.com -k
/etc/squid/squid.keytab --computer-name proxy02 --upn
HTTP/proxy02.deeplayer.com --server
thx for your confirmation(i did the right. thing ). let us go back to my
issue. cld you pls help ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-proxy-kerberos-authentication-failure-Help-tp4663964p4663976.html
Sent from the Squid - Users mailing
11 matches
Mail list logo