Search squid archive

msktutil on Debian Squeeze

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I'm trying to setup squid_kerb_auth but I'm stuck on problem with msktutil.

I've downloaded msktutil_0.3.16-7_amd64.deb and installed with
dependencies: libsasl2-modules-gssapi-mit, libgssapi-krb5-2, libkrb53.

Then, I try to run msktutil from Squid website examples:

root@proxy:~# kinit administrator
Password for administrator@xxxxxxxxxx:
root@proxy:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@xxxxxxxxxx

Valid starting     Expires            Service principal
04/14/11 18:59:02  04/15/11 04:59:07  krbtgt/BANK.LOCAL@xxxxxxxxxx
        renew until 04/15/11 18:59:02
root@proxy:~# msktutil -c -b "CN=COMPUTERS" -s HTTP/proxy.bank.local
-h proxy.bank.local -k /etc/squid3/HTTP.keytab --computer-name
squid-http --upn HTTP/proxy.bank.local  --server dc.bank.local
--verbose --enctypes 28
 -- init_password: Wiping the computer password structure
 -- finalize_exec: Determining user principal name
 -- finalize_exec: User Principal Name is: HTTP/proxy.bank.local@xxxxxxxxxx
 -- create_fake_krb5_conf: Created a fake krb5.conf file:
/tmp/.mskt-1550krb5.conf
 -- get_krb5_context: Creating Kerberos Context
 -- try_machine_keytab: Using the local credential cache:
/tmp/.mskt-1550krb5_ccache
 -- try_machine_keytab: krb5_get_init_creds_keytab failed (No such
file or directory)
 -- try_machine_keytab: Unable to authenticate using the local keytab
 -- ldap_connect: ldap_connect calling try_ldap_connect

 -- try_ldap_connect: Connecting to LDAP server: dc.bank.local try_tls=YES
 -- try_ldap_connect: Connecting to LDAP server: dc.bank.local try_tls=NO
SASL/GSSAPI authentication started
Error: ldap_sasl_interactive_bind_s failed 4 (Local error)
Error: ldap_connect failed
 -- krb5_cleanup: Destroying Kerberos Context
 -- ldap_cleanup: Disconnecting from LDAP server
 -- init_password: Wiping the computer password structure


And I'm stuck. I'm not sure, but AFAIK the same error (ldap_sasl_...)
I've received on Centos 5.6 and msktutil from RPM.

AD is on win2008R2.

Any ideas why it doesn't work? I remember, that in Feb 2011 on my
first tests with krb and msktutil (CentOS 5.5 + 2008R2) all was ok.

Regards
Rafal
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux