Re: Re: Re: Squid Kerberos authentication error

["Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>]

I usually use msktutil and I only know from samba what is documented here 
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Create_keytab

Markus


"Navas" <vmnavas@xxxxxxxxx> wrote in message 
news:034901cd52d6$82b3c1b0$881b4510$@gmail.com...
> It's not all creating keytab.
>
> [root@lx work]# net ads keytab add HTTP -U administrator
> Processing principals to add...
> Enter administrator's password:
>
> [root@lx work]# ktutil
> ktutil:  rkt /etc/krb5.keytab
> rkt: Unsupported key table format version number while reading keytab
> "/etc/krb5.keytab"
>
> No contents there at /etc/krb5.keytab
>
> Thanks,
>
> Br
> abusam
>
> -----Original Message-----
> From: Markus Moeller [mailto:huaraz@xxxxxxxxxxxxxxxx]
> Sent: Sunday, June 24, 2012 9:39 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject:  Re: Re: Squid Kerberos authentication error
>
> You can use samba to create the keytab, but you mustn't use any samba 
> daemon
> as the daemon will reset the key in AD after a predefined time and thereby
> invalidate the key in your keytab.
>
> Regards
> Markus
>
>
> "Navas" <vmnavas@xxxxxxxxx> wrote in message
> news:4c9801cd520a$34f4ee30$9edeca90$@gmail.com...
> > One more thing I am using Samba, I could not use mskutil. Is there any
> > issue with Kerberos and Samba.
> > OS: Redhat EL6.2
> > squid-3.1
> >
> > thanks,
> >
> > -----Original Message-----
> > From: Markus Moeller [mailto:huaraz@xxxxxxxxxxxxxxxx]
> > Sent: Sunday, June 24, 2012 2:59 PM
> > To: squid-users@xxxxxxxxxxxxxxx
> > Subject:  Re: Squid Kerberos authentication error
> >
> > Can you check that the squid user has read access to the Kerberos keytab 
> > ?
> > Did you set the environment variable KRB5_KTNAME pointing to the
> > Kerberos keytab in the startup script ?
> >
> > Markus
> >
> > "Navas" <vmnavas@xxxxxxxxx> wrote in message
> > news:000301cd51e5$7f9e64e0$7edb2ea0$@gmail.com...
> > > Hi,
> > > I am trying  to setup squid to authenticate as AD with kerberos as
> > > per the following document
> > >
> > > http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActive
> > > D
> > > irecto
> > > ry
> > >
> > > but I am getting following error in cache log,
> > >
> > > authenticateNegotiateHandleReply: Error validating user via Negotiate.
> > > Error
> > > returned 'BH gss_acquire_cred() failed: Unspecified GSS failure.
> > > Minor code may provide more information. Unknown error'
> > >
> > > appreciated for your kind help ..
> > >
> > > thanks,
> > >
> > > abusam