Search squid archive

Re: Re: Re: Re: Re: Re: Kerberos with LDAP authentication failover and iTunes auth problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




"James Robertson" <j@xxxxxxxxxxxxxxxx> wrote in message news:CAMALoy-QRRGSzN6sSU6J6UTmFkAmh7aGETRo=qcn0gjS2R=69A@xxxxxxxxxxxxxx...
Now the update (which does not happen as msktutil determines it is not old
enough to change):

Thanks for the testing Markus.

But what happens after you reset your squid-test-http account on your
Windows Server and run the update again.  My guess is it will fail
when it gets to the try_machine_password step.  This would typically
work if the msktutil generated computer name matches the proxy's
hostname.

A reset of the account in AD will mean the password and therefore the Kerberos key changes who will be then out of sync with the key in the keytab.

If you use samba for NTLM authentication in squid then use the AD entry which matches the squid host name only for Samba and use use the -http name with the HTTP/<fqdn> service principal for Kerberos with msktutil. Use 2 separate AD computer accounts.

Markus




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux