Hi,
I am using FreeBSD 8.1, samba 3.6.9 and squid 3.2.6.
The /etc/krb5.conf file:
[logging]
default = FILE:/var/log/krb.log
kdc = FILE:/var/log/krb.log
admin_server = FILE:/var/log/krb.log
default_keytab_name = /usr/local/etc/squid/HTTP.keytab
[libdefaults]
default_realm = MDPT.LOCAL
dns_lookup_realm = no
dns_lookup_kdc = no
ticket_lifetime = 24h
forwardable = yes
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
[realms]
EXAMPLE.LOCAL = {
kdc = ads01.example.local:88
admin_server = ads01.example.local:464
default_domain = EXAMPLE.LOCAL
}
[domain_realm]
.domain.local = EXAMPLE.LOCAL
domain.local = EXAMPLE.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
}
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: xkoren@EXAMPLE.LOCAL
Issued Expires Principal
Jan 29 13:26:54 Jan 29 23:26:54 HTTP/squid2@EXAMPLE.LOCAL
and I get the following error:
2013/01/29 13:36:30 kid1| Starting new negotiateauthenticator helpers...
2013/01/29 13:36:30 kid1| helperOpenServers: Starting 1/32
'negotiate_wrapper_auth' processes
2013/01/29 13:36:30 kid1| WARNING: no_suid: setuid(0): (1) Operation not
permitted
2013/01/29 13:36:30| negotiate_wrapper: Starting version 1.0.1
2013/01/29 13:36:30| negotiate_wrapper: NTLM command: /usr/local/bin/ntlm_auth
--diagnostics --helper-protocol=squid-2.5-ntlmssp
2013/01/29 13:36:30| negotiate_wrapper: Kerberos command:
/usr/local/libexec/squid/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
2013/01/29 13:36:30| negotiate_wrapper: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' from squid (length:
59).
2013/01/29 13:36:30| negotiate_wrapper: Decode
'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==' (decoded length: 40).
2013/01/29 13:36:30| negotiate_wrapper: received type 1 NTLM token
negotiate_kerberos_auth.cc(271): pid=93059 :2013/01/29 13:36:30|
negotiate_kerberos_auth: INFO: Starting version 3.0.4sq
2013/01/29 13:36:30| negotiate_wrapper: Return 'TT
TlRMTVNTUAACAAAACAAIADgAAAAVgoniY4vxELxfaaEAAAAAAAAAAG4AbgBAAAAABgEAAAAAAA9NAEQAUABUAAIACABNAEQAUABUAAEADABTAFEAVQBJAEQAMgAEABwAdABlAGwAZQBjAG8AbQAuAGcAbwB2AC4AcwBrAAMAKgBzAHEAdQBpAGQAMgAuAHQAZQBsAGUAYwBvAG0ALgBnAG8AdgAuAHMAawAAAAAA
'
2013/01/29 13:36:30| negotiate_wrapper: Got 'KK
TlRMTVNTUAADAAAAGAAYAHwAAAAGAQYBlAAAAAgACABYAAAAEAAQAGAAAAAMAAwAcAAAABAAEACaAQAAFYKI4gYBsR0AAAAPgUvYFXzvBnilZfvLSfLzUE0ARABQAFQAdQB6AGkAdgBhAHQAZQBsAE8AUABJAFMATgBCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOVyvgVb93T48t/OT6r29XQBAQAAAAAAAF/s0kMd/s0BRgY0Vi13cR0AAAAAAgAIAE0ARABQAFQAAQAMAFMAUQBVAEkARAAyAAQAHAB0AGUAbABlAGMAbwBtAC4AZwBvAHYALgBzAGsAAwAqAHMAcQB1AGkAZAAyAC4AdABlAGwAZQBjAG8AbQAuAGcAbwB2AC4AcwBrAAgAMAAwAAAAAAAAAAEAAAAAEAAAlgAoFHA9U+vb8UFwVQMvpx50bpEtKKqtZSzHIFFAsDkKABAAAAAAAAAAAAAAAAAAAAAAAAkAHABIAFQAVABQAC8AMQAwAC4AMQAuADgALgAzADEAAAAAAAAAAAD9G0LzjgxFX4gXbxAPqzuD'
from squid (length: 571).
2013/01/29 13:36:30| negotiate_wrapper: Decode
'TlRMTVNTUAADAAAAGAAYAHwAAAAGAQYBlAAAAAgACABYAAAAEAAQAGAAAAAMAAwAcAAAABAAEACaAQAAFYKI4gYBsR0AAAAPgUvYFXzvBnilZfvLSfLzUE0ARABQAFQAdQB6AGkAdgBhAHQAZQBsAE8AUABJAFMATgBCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOVyvgVb93T48t/OT6r29XQBAQAAAAAAAF/s0kMd/s0BRgY0Vi13cR0AAAAAAgAIAE0ARABQAFQAAQAMAFMAUQBVAEkARAAyAAQAHAB0AGUAbABlAGMAbwBtAC4AZwBvAHYALgBzAGsAAwAqAHMAcQB1AGkAZAAyAC4AdABlAGwAZQBjAG8AbQAuAGcAbwB2AC4AcwBrAAgAMAAwAAAAAAAAAAEAAAAAEAAAlgAoFHA9U+vb8UFwVQMvpx50bpEtKKqtZSzHIFFAsDkKABAAAAAAAAAAAAAAAAAAAAAAAAkAHABIAFQAVABQAC8AMQAwAC4AMQAuADgALgAzADEAAAAAAAAAAAD9G0LzjgxFX4gXbxAPqzuD'
(decoded length: 426).
2013/01/29 13:36:30| negotiate_wrapper: received type 3 NTLM token
2013/01/29 13:36:30| negotiate_wrapper: Return 'NA = NT_STATUS_UNSUCCESSFUL
I tried google, but I cannot resolve the problem. Please could you be
so kind as far as to point me in the right direction?
Thank you very much in advance.
regards,
lk
