Search squid archive

Re: squid_kerb_auth problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Can you check with an ldap query (e.g. with ldapadmin from sourceforge) or search with a filter "(serviceprincipalname=HTTP/fqdn@REALM)" if you have duplicate entries ?

This kinit -k -t /etc/squid/squid.keytab HTTP/fqdn@xxxxxxxxxxxxxx will only work if the userprincipal name is HTTP/fqdn@xxxxxxxxxxxxxx which I think is not the case with ktpass.


Regards
Markus


"Umesh Bodalina" <u.bodalina@xxxxxxxxx> wrote in message news:c3b47c041001120741n6c2edf4ftd67dbe4b5cf1e2f0@xxxxxxxxxxxxxxxxx
Hi,

I'm trying to get the squid helper squid_kerb_auth to work against our
Active Directory (win 2003 sp2).

I've compiled the latest squid version (squid-2.7.STABLE7)on CentOS 5.4
64 bit.

Squid Cache: Version 2.7.STABLE7
configure options:  '--prefix=/usr/local/squid' '--disable-wccp'
'--disable-wccpv2' '--enable-large-cache-files' '--with-large-files'
'--enable-delay-pools' '--enable-cachemgr-hostname' '=fqdn'
'--enable-ntlm-auth-helpers=SMB' '--enable-auth=basic,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-snmp'


A keytab file was create on AD for squid
(HTTP/squid.domain@xxxxxxxxxxxxxx)

ktpass -princ HTTP/fqdn@REALM -mapuser squiduser
-pass password -out HTTP.keytab

Transferred the file on the CentOS server and placed it
in /etc/squid/HTTP.keytab


kinit -k -t /etc/squid/squid.keytab HTTP/fqdn@xxxxxxxxxxxxxx

I get the error message:
kinit(v5): Client not found in Kerberos database while getting initial
credentials


I've also tried creating the keytab file using
msktutil or samba according to the following doc:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

I get the same error.

How do I sort out this problem?

Thanks in advance.
Regards
Umesh




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux