It's not all creating keytab. [root@lx work]# net ads keytab add HTTP -U administrator Processing principals to add... Enter administrator's password: [root@lx work]# ktutil ktutil: rkt /etc/krb5.keytab rkt: Unsupported key table format version number while reading keytab "/etc/krb5.keytab" No contents there at /etc/krb5.keytab Thanks, Br abusam -----Original Message----- From: Markus Moeller [mailto:huaraz@xxxxxxxxxxxxxxxx] Sent: Sunday, June 24, 2012 9:39 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: Re: Squid Kerberos authentication error You can use samba to create the keytab, but you mustn't use any samba daemon as the daemon will reset the key in AD after a predefined time and thereby invalidate the key in your keytab. Regards Markus "Navas" <vmnavas@xxxxxxxxx> wrote in message news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com... > One more thing I am using Samba, I could not use mskutil. Is there any > issue with Kerberos and Samba. > OS: Redhat EL6.2 > squid-3.1 > > thanks, > > -----Original Message----- > From: Markus Moeller [mailto:huaraz@xxxxxxxxxxxxxxxx] > Sent: Sunday, June 24, 2012 2:59 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Squid Kerberos authentication error > > Can you check that the squid user has read access to the Kerberos keytab ? > Did you set the environment variable KRB5_KTNAME pointing to the > Kerberos keytab in the startup script ? > > Markus > > "Navas" <vmnavas@xxxxxxxxx> wrote in message > news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com... >> Hi, >> I am trying to setup squid to authenticate as AD with kerberos as >> per the following document >> >> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive >> D >> irecto >> ry >> >> but I am getting following error in cache log, >> >> authenticateNegotiateHandleReply: Error validating user via Negotiate. >> Error >> returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. >> Minor code may provide more information. Unknown error' >> >> appreciated for your kind help .. >> >> thanks, >> >> abusam >> >> > > > >
