Le Fri, 21 May 2010 10:03:57 +0200, Emmanuel Lesouef <e.lesouef@xxxxxxx> a écrit : > Le Thu, 20 May 2010 21:51:08 +0100, > "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> a écrit : > > > It will work with the right setup (e.g. you have to copy the > > Kerberos keytab to all machines and use the -s HTTP/<RR-DNS-name> > > or -s GSS_C_NO_NAME option with squid_kerb_auth). > > > > Regards > > Markus > > > > Understood. Thanks Markus. I didn't know it was possible to have a RR > DNS Name in the service name. > I'm raising this topic up because it seems that there is a problem creating the keytab : root@server1:~# msktutil -c -b "CN=COMPUTERS" -s HTTP/proxy.xx.yy -h proxy.xx.yy -k /etc/squid/HTTP.keytab --computer-name proxy --upn HTTP/proxy.xx.yy --server dc1.xx.yy --verbose --enctypes 28 [...] -- ldap_get_base_dn: Determining default LDAP base: dc=xx,dc=yy Error: No reverse DNS entry found for %2prox Error: complete_hostname failed Error: finalize_exec failed -- krb5_cleanup: Destroying Kerberos Context -- ldap_cleanup: Disconnecting from LDAP server -- init_password: Wiping the computer password structure Any advices ? -- Emmanuel Lesouef
