Hi.
On 17.10.2014 11:02, Victor Sudakov wrote: The thing is, valid exchange should not and does not contain the KRB5KRB_AP_ERR_MODIFIED error, and yours does. This indicates something is wrong between these two hosts (as I understand, 10.14.134.4 is a Windows Server, and .122 is a workstation). You need to investigate on your DC what's happening, Probably these are the etype errors (may be not). If your DC is really w2k (not w2k3 or w2k8) and the workstation is of different generation, this can happen. Also, lots of howtos spread around the Internet, make an engineer believe that he should kreate the keytab with only one encryption type for squid, insted kreating the keytab with all of available on the DC ciphers, This can also lead to complicated situations. There's also a decent article there: http://blogs.technet.com/b/askds/archive/2008/06/11/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx Could help you as it did help me one day. Eugene. |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users