On Tue, 8 Jun 2010 00:21:11 +0100, "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> wrote:

> Hi Emmanuel,
>
> Can you resolve proxy.xx.yy and then resolve the ip-address you
> get to a name ?
>
> Markus

I couldn't, so I made some PTR records and now I have a working keytab with the following msktutil command line:

    msktutil -c -b "CN=COMPUTERS" -s HTTP/proxy.xx.yy -h proxy.xx.yy -k /etc/squid/SQUID.keytab --computer-name proxy --upn HTTP/proxy.xx.yy --server dc1.xx.yy --verbose

NTLM auth works great, but not the Kerberos one, with the following lines in squid.conf:

    auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d
    auth_param negotiate children 10
    auth_param negotiate keep_alive on

Here is what I got in cache.log:

    2010/06/08 10:02:20| squid_kerb_auth: parseNegTokenInit failed with rc=102
    2010/06/08 10:02:20| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. No principal in keytab matches desired name

I suppose there is something missing. But what?

Thanks for your help.

-- 
Emmanuel Lesouef
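
Added example (not part of the original message, and not code from Squid or msktutil): a check that combines the forward/reverse lookup Markus asks about with a comparison against the principals that `klist -k` lists for the keytab. It assumes the helper requests `HTTP/<canonical host name>@REALM`, with the canonical name taken from a forward then reverse lookup; the realm `REALM.EXAMPLE`, the address `192.0.2.10`, the name `gw.xx.yy` and the keytab listing are constructed.

```python
import re
import socket

# Constructed `klist -k` listing; REALM.EXAMPLE is a placeholder realm.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/squid/SQUID.keytab
KVNO Principal
---- ------------------------------------------------
   2 proxy$@REALM.EXAMPLE
   2 HTTP/proxy.xx.yy@REALM.EXAMPLE
"""

def keytab_principals(klist_text):
    """Principals in `klist -k` output (also tolerates the -t and -e columns)."""
    rows = (re.match(r"\s*\d+\s+.*?(\S+@\S+)", l) for l in klist_text.splitlines())
    return {m.group(1) for m in rows if m}

def dns_forward(host):
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None

def dns_reverse(addr):
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def diagnose(host, realm, klist_text, forward=dns_forward, reverse=dns_reverse):
    """Return (status, wanted): status is 'dns', 'missing' or 'ok'."""
    addr = forward(host)
    canon = reverse(addr) if addr else None
    if not canon:
        return ("dns", None)          # no A record or no PTR record
    # Assumption: the acceptor name is HTTP/<lower-cased canonical name>@REALM.
    wanted = "HTTP/%s@%s" % (canon.lower().rstrip("."), realm)
    status = "ok" if wanted in keytab_principals(klist_text) else "missing"
    return (status, wanted)

if __name__ == "__main__":
    # Constructed resolver tables standing in for DNS (192.0.2.10 is a documentation address).
    a = {"proxy.xx.yy": "192.0.2.10"}
    for label, ptr in [("no PTR", {}), ("PTR ok", {"192.0.2.10": "proxy.xx.yy"}),
                       ("PTR to other name", {"192.0.2.10": "gw.xx.yy"})]:
        print(label, diagnose("proxy.xx.yy", "REALM.EXAMPLE", SAMPLE_KLIST, a.get, ptr.get))
```

Called without the `forward` and `reverse` arguments, `diagnose` uses the system resolver; feed it the real output of `klist -k` on the keytab file.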