Hi, I am trying to use Kerberos with my Squid, but I get an error message:

############################

msktutil --auto-update --verbose --computer-name suqidpnb1 --server dctoyo1.toyo.grp -k /etc/squid/PROXY.keytab
 -- init_password: Wiping the computer password structure
 -- generate_new_password: Generating a new, random password for the computer account
 -- generate_new_password: Characters read from /dev/urandom = 95
 -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-QCbGC5
 -- destroy_g_context: Destroying Kerberos Context
 -- initialize_g_context: Creating Kerberos Context
 -- finalize_exec: SAM Account Name is: suqidpnb1$
 -- try_machine_keytab_princ: Trying to authenticate for suqidpnb1$ from local keytab
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Key table entry not found)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for SUQIDPNB1$ from local keytab
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Key table entry not found)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for host/localhost from local keytab
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Key table entry not found)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_password: Trying to authenticate for suqidpnb1$ with password
 -- create_default_machine_password: Default machine password for suqidpnb1$ is suqidpnb1
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_machine_password: Authentication with password failed
 -- try_user_creds: Checking if default ticket cache has tickets
 -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
 -- try_user_creds: User ticket cache was not valid
Error: could not find any credentials to authenticate with.
Neither keytab, default machine password, nor calling user's tickets worked. Try "kinit"ing yourself some tickets with permission to create computer objects, or pre-creating the computer object in AD and selecting 'reset account'.

############################

I can't find why this happens. My AD is at 2012R2 functional level.

I create the keytab with this:

msktutil -c -b "OU=Servers,DC=toyo,DC=grp" -s HTTP/squidtoyopnb1.toyo.grp -k /etc/squid/PROXY.keytab --computer-name SQUIDPNB1 --upn HTTP/squidtoyopnb1.toyo.grp --server dctoyo1.toyo.grp --verbose --enctypes 28

Keytab file permissions are:

-rw-r----- 1 root squid 933 Sep 25 13:37 PROXY.keytab

and the keytab contents (klist -k output):

   3 [email protected]
   3 [email protected]
   3 [email protected]
   3 HTTP/[email protected]
   3 HTTP/[email protected]
   3 HTTP/[email protected]
   3 host/[email protected]
   3 host/[email protected]
   3 host/[email protected]
   3 host/[email protected]
   3 host/[email protected]
   3 host/[email protected]

krb5.conf:

[libdefaults]
    default_realm = TOYO.GRP
    dns_lookup_kdc = no
    dns_lookup_realm = no
    ticket_lifetime = 24h
    default_keytab_name = /etc/squid/PROXY.keytab
    ; for Windows 2008 with AES
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5

[realms]
    TOYO.GRP = {
        kdc = dctoyo1.toyo.grp
        kdc = DCTOYO2.toyo.grp
        admin_server = 10.65.12.254
        default_domain = toyo.grp
    }

[domain_realm]
    toyo.grp = TOYO.GRP
    .toyo.grp = TOYO.GRP

[logging]
    kdc = FILE:/var/log/kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

--
Tevfik Ceydeliler
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
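The "Key table entry not found" lines above come from msktutil looking up the machine principal (the computer name with a trailing "$") in the keytab and not finding it. The following is an added example, not code from the post or from msktutil/Squid: a small POSIX shell check that takes the text of "klist -k" and reports whether the machine principal and the HTTP service principal are both present, so a mismatch between the name given to "--computer-name" and the name the keytab was created with can be caught before "--auto-update" is run. The keytab listing is a constructed sample; the realm TOYO.GRP, the SPN HTTP/squidtoyopnb1.toyo.grp and the two computer-name spellings are taken from the post's own commands, and the principal names in the sample are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a keytab listing
# contains the two principals the post's setup depends on, the machine
# account "<COMPUTER-NAME>$" that msktutil --auto-update authenticates as
# and the HTTP service principal squid uses. Input is the text of
# `klist -k`; a constructed sample is embedded so it runs offline.

# Constructed sample in the shape of `klist -k /etc/squid/PROXY.keytab`
# output (MIT format). The principal names are assumptions for the demo.
SAMPLE_KLIST='Keytab name: FILE:/etc/squid/PROXY.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 SQUIDPNB1$@TOYO.GRP
   3 HTTP/squidtoyopnb1.toyo.grp@TOYO.GRP
   3 host/squidtoyopnb1.toyo.grp@TOYO.GRP'

# keytab_principals KLIST_TEXT
# Print the distinct principal names from the listing: the second column of
# every row whose first column is a numeric KVNO, so header lines are skipped
# regardless of how many there are.
keytab_principals() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# missing_principals COMPUTER_NAME SPN REALM KLIST_TEXT
# Print one line per required principal that is absent from the listing;
# print nothing when both are present. Matching is exact: Kerberos principal
# names in a keytab are case-sensitive, so the name must be spelled exactly
# as it was when the keytab was created.
missing_principals() {
    name=$1; spn=$2; realm=$3; listing=$4
    found=$(keytab_principals "$listing")
    for want in "${name}\$@${realm}" "${spn}@${realm}"; do
        printf '%s\n' "$found" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Demo on the constructed sample, using the two computer-name spellings that
# appear in the post's commands: the first call prints nothing, the second
# reports the machine principal as missing.
missing_principals SQUIDPNB1 HTTP/squidtoyopnb1.toyo.grp TOYO.GRP "$SAMPLE_KLIST"
missing_principals suqidpnb1 HTTP/squidtoyopnb1.toyo.grp TOYO.GRP "$SAMPLE_KLIST"

# Against a live keytab (not run here):
#   missing_principals SQUIDPNB1 HTTP/squidtoyopnb1.toyo.grp TOYO.GRP \
#       "$(klist -k /etc/squid/PROXY.keytab)"
```

Running it against a real keytab only needs read access to the file, so it can be run as the squid user to confirm at the same time that the 0640 root:squid permissions shown in the post actually let the service read it.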
