[squid-users] Re: Re: Re: Squid Kerberos authentication error

[Markus Moeller]

I usually use msktutil and I only know from samba what is documented here 
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Create_keytab

Markus

"Navas" <vmna...@gmail.com> wrote in message 
news:034901cd52d6$82b3c1b0$881b4510$@gmail.com...
It's not all creating keytab.

[root@lx work]# net ads keytab add HTTP -U administrator
Processing principals to add...
Enter administrator's password:

[root@lx work]# ktutil
ktutil:  rkt /etc/krb5.keytab
rkt: Unsupported key table format version number while reading keytab
"/etc/krb5.keytab"

No contents there at /etc/krb5.keytab

Thanks,

Br
abusam

-----Original Message-----
From: Markus Moeller [mailto:hua...@moeller.plus.com]
Sent: Sunday, June 24, 2012 9:39 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Re: Re: Squid Kerberos authentication error

You can use samba to create the keytab, but you mustn't use any samba 
daemon
as the daemon will reset the key in AD after a predefined time and thereby
invalidate the key in your keytab.

Regards
Markus


"Navas" <vmna...@gmail.com> wrote in message
news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com...
One more thing I am using Samba, I could not use mskutil. Is there any
issue with Kerberos and Samba.
OS: Redhat EL6.2
squid-3.1

thanks,

-----Original Message-----
From: Markus Moeller [mailto:hua...@moeller.plus.com]
Sent: Sunday, June 24, 2012 2:59 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Re: Squid Kerberos authentication error

Can you check that the squid user has read access to the Kerberos keytab 
?
Did you set the environment variable KRB5_KTNAME pointing to the
Kerberos keytab in the startup script ?

Markus

"Navas" <vmna...@gmail.com> wrote in message
news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
Hi,
I am trying  to setup squid to authenticate as AD with kerberos as
per the following document

http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive
D
irecto
ry

but I am getting following error in cache log,

authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error
returned 'BH gss_acquire_cred() failed: Unspecified GSS failure.
Minor code may provide more information. Unknown error'

appreciated for your kind help ..

thanks,

abusam