How does your configuration look like ? How did you create the keytab file ?
Markus
"Mohamed Navas" <vmnavas@xxxxxxxxx> wrote in message
news:CAJa81O71_pG63hu7XGW2om6EOBGTS8y-=xDbSRAyaZgCANaJgw@xxxxxxxxxxxxxx...
Hi,
I have setup the squid authentication with windows 2003 Domain
controller. But it's working well with NTLM, but failed with kerberso
..getting following error:-
=====================================================================
2012/07/02 15:07:17| squid_kerb_auth: ERROR: gss_accept_sec_context()
failed: Unspecified GSS failure. Minor code may provide more
information.
2012/07/02 15:07:17| negotiate_wrapper: Return 'BH
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
may provide more information.
'
2012/07/02 15:07:17| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
may provide more information
=======================================================================
mr krb5.conf file is:-
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DXBPET.SYSNET.ROOT
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
#default_keytab_name = /etc/squid/HTTP.keytab
#allow_weak_crypto = yes
; for Windows 2003
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
[realms]
DXBPET.DUBAIPETROLEUM.ROOT = {
kdc = dxbjadc12.dxbpet.sysnet.root
admin_server = dxbjadc12.dxbpet.sysnet.root
kdc = 10.97.8.122
}
[domain_realm]
.dxbpet.sysnet.root = DXBPET.SYSNET.ROOT
dxbpet.sysnet.root = DXBPET.SYSNET.ROOT
