You can use samba to create the keytab, but you mustn't use any samba daemon
as the daemon will reset the key in AD after a predefined time and thereby
invalidate the key in your keytab.
Regards
Markus
"Navas" <[email protected]> wrote in message
news:[email protected]...
One more thing I am using Samba, I could not use mskutil. Is there any
issue
with Kerberos and Samba.
OS: Redhat EL6.2
squid-3.1
thanks,
-----Original Message-----
From: Markus Moeller [mailto:[email protected]]
Sent: Sunday, June 24, 2012 2:59 PM
To: [email protected]
Subject: [squid-users] Re: Squid Kerberos authentication error
Can you check that the squid user has read access to the Kerberos keytab ?
Did you set the environment variable KRB5_KTNAME pointing to the Kerberos
keytab in the startup script ?
Markus
"Navas" <[email protected]> wrote in message
news:[email protected]...
Hi,
I am trying to setup squid to authenticate as AD with kerberos as per
the following document
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveD
irecto
ry
but I am getting following error in cache log,
authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error
returned 'BH gss_acquire_cred() failed: Unspecified GSS failure.
Minor code may provide more information. Unknown error'
appreciated for your kind help ..
thanks,
abusam
