hum a new problems ?? [root@gw]# msktutil --auto-update --verbose --computer-name ophtcysrv1v4-k -k /etc/squid/PROXY.keytab -- init_password: Wiping the computer password structure -- generate_new_password: Generating a new, random password for the computer account -- generate_new_password: Characters read from /dev/urandom = 84 -- get_dc_host: Attempting to find Domain Controller to use via DNS SRV record in domain MYDOMAIN.FR for procotol tcp -- get_dc_host: Found DC: dc122001.mydomain.fr -- get_dc_host: Canonicalizing DC through forward/reverse lookup... Error: gethostbyaddr failed -- get_dc_host: Found Domain Controller: Error: get_dc_host failed -- ~KRB5Context: Destroying Kerberos Context
2015-05-03 13:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>: > Did you compile msktutil or is it a package in centos ? > > Markus > > "Olivier CALVANO" <o.calv...@gmail.com> wrote in message > news:cajajpecqd+_1krufwa9eac4iyakapzblyg-9vuueklgwuec...@mail.gmail.com... > Hi > > > Thanks for your answer > > CentOS Linux release 7.1.1503 (Core) > > krb5-workstation-1.12.2-14.el7.x86_64 > krb5-libs-1.12.2-14.el7.x86_64 > > regards > olivier > > > 2015-05-03 0:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>: > >> Which OS and Kerberos version do you have ? There might be some issue >> with the cache used KEYRING:persistent:0:0 >> Markus >> >> "Olivier CALVANO" <o.calv...@gmail.com> wrote in message >> news:CAJajPefo3t8b1=_v5pfj3h0gq4jk3oosutw8gnhy7z-gs21...@mail.gmail.com. >> .. >> Hi >> >> I request your help because i want use NTLM/Kerberos for authenticate my >> user. >> >> For NTLM, i use Winbind, no problems, >> >> [root@gw]# wbinfo -t >> checking the trust secret for domain MYADDOMAIN via RPC calls succeeded >> >> but for Kerberos, i can't create the .keytab >> >> >> [root@gw]# kinit MYUSERNAME >> Password for myusern...@myaddomain.fr: >> >> [root@gw]# klist >> Ticket cache: KEYRING:persistent:0:0 >> Default principal: myusern...@myaddomain.fr >> >> Valid starting Expires Service principal >> 02/05/2015 04:51:25 02/05/2015 14:51:25 krbtgt/ >> myaddomain...@myaddomain.fr >> renew until 09/05/2015 04:51:07 >> >> MYUSERNAME is the same account that i join the domain (net join) with >> winbind >> >> >> after, i put: >> >> msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org >> -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/ >> gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose >> >> and i have a error: >> >> [root@gw etc]# msktutil -c -b "CN=COMPUTERS" -s HTTP/ >> gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab >> --computer-name OPHTCYSRV1V4-K --upn HTTP/ >> gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose >> -- init_password: Wiping the computer password structure >> -- generate_new_password: Generating a new, random password for the >> computer account >> -- generate_new_password: Characters read from /dev/udandom = 84 >> -- create_fake_krb5_conf: Created a fake krb5.conf file: >> /tmp/.msktkrb5.conf-jnxTuG >> -- reload: Reloading Kerberos Context >> -- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$ >> -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ >> from local keytab... >> -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed >> (Client not found in Kerberos database) >> -- try_machine_keytab_princ: Authentication with keytab failed >> -- try_machine_keytab_princ: Trying to authenticate for host/ >> gw.srv1-v4.tcy.myinternetdomain.org from local keytab... >> -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed >> (Client not found in Kerberos database) >> -- try_machine_keytab_princ: Authentication with keytab failed >> -- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with >> password. >> -- create_default_machine_password: Default machine password for >> OPHTCYSRV1V4-K$ is ophtcysrv1v4-k >> -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client >> not found in Kerberos database) >> -- try_machine_password: Authentication with password failed >> -- try_user_creds: Checking if default ticket cache has tickets... >> -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials >> cache found) >> -- try_user_creds: User ticket cache was not valid. >> Error: could not find any credentials to authenticate with. Neither >> keytab, >> default machine password, nor calling user's tickets worked. Try >> "kinit"ing yourself some tickets with permission to create computer >> objects, or pre-creating the computer object in AD and selecting >> 'reset account'. >> -- ~KRB5Context: Destroying Kerberos Context >> >> >> >> same error if i change gw.srv1-v4.tcy.myinternetdomain.org to >> ophtcysrv1v4.myaddomain.fr >> >> >> anyone know the origin of this error ? >> >> thanks >> Olivier >> >> >> ------------------------------ >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> > > ------------------------------ > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
