It's not all creating keytab. [root@lx work]# net ads keytab add HTTP -U administrator Processing principals to add... Enter administrator's password:
[root@lx work]# ktutil ktutil: rkt /etc/krb5.keytab rkt: Unsupported key table format version number while reading keytab "/etc/krb5.keytab" No contents there at /etc/krb5.keytab Thanks, Br abusam -----Original Message----- From: Markus Moeller [mailto:[email protected]] Sent: Sunday, June 24, 2012 9:39 PM To: [email protected] Subject: [squid-users] Re: Re: Squid Kerberos authentication error You can use samba to create the keytab, but you mustn't use any samba daemon as the daemon will reset the key in AD after a predefined time and thereby invalidate the key in your keytab. Regards Markus "Navas" <[email protected]> wrote in message news:[email protected]... > One more thing I am using Samba, I could not use mskutil. Is there any > issue with Kerberos and Samba. > OS: Redhat EL6.2 > squid-3.1 > > thanks, > > -----Original Message----- > From: Markus Moeller [mailto:[email protected]] > Sent: Sunday, June 24, 2012 2:59 PM > To: [email protected] > Subject: [squid-users] Re: Squid Kerberos authentication error > > Can you check that the squid user has read access to the Kerberos keytab ? > Did you set the environment variable KRB5_KTNAME pointing to the > Kerberos keytab in the startup script ? > > Markus > > "Navas" <[email protected]> wrote in message > news:[email protected]... >> Hi, >> I am trying to setup squid to authenticate as AD with kerberos as >> per the following document >> >> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive >> D >> irecto >> ry >> >> but I am getting following error in cache log, >> >> authenticateNegotiateHandleReply: Error validating user via Negotiate. >> Error >> returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. >> Minor code may provide more information. Unknown error' >> >> appreciated for your kind help .. >> >> thanks, >> >> abusam >> >> > > > >
