I could solve the issue by creating keytabs within the MS server and exported to Linux machine and is working fine with msktutils itself... Still do not find out the reason for not created it in Linux machine !
-----Original Message----- From: Markus Moeller [mailto:[email protected]] Sent: Sunday, June 24, 2012 9:39 PM To: [email protected] Subject: [squid-users] Re: Re: Squid Kerberos authentication error You can use samba to create the keytab, but you mustn't use any samba daemon as the daemon will reset the key in AD after a predefined time and thereby invalidate the key in your keytab. Regards Markus "Navas" <[email protected]> wrote in message news:[email protected]... > One more thing I am using Samba, I could not use mskutil. Is there any > issue with Kerberos and Samba. > OS: Redhat EL6.2 > squid-3.1 > > thanks, > > -----Original Message----- > From: Markus Moeller [mailto:[email protected]] > Sent: Sunday, June 24, 2012 2:59 PM > To: [email protected] > Subject: [squid-users] Re: Squid Kerberos authentication error > > Can you check that the squid user has read access to the Kerberos keytab ? > Did you set the environment variable KRB5_KTNAME pointing to the > Kerberos keytab in the startup script ? > > Markus > > "Navas" <[email protected]> wrote in message > news:[email protected]... >> Hi, >> I am trying to setup squid to authenticate as AD with kerberos as >> per the following document >> >> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive >> D >> irecto >> ry >> >> but I am getting following error in cache log, >> >> authenticateNegotiateHandleReply: Error validating user via Negotiate. >> Error >> returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. >> Minor code may provide more information. Unknown error' >> >> appreciated for your kind help .. >> >> thanks, >> >> abusam >> >> > > > >
