Hi Ludovit,
Firstly, these lines are contradictory
permitted_enctypes = aes128-cts-hmac-sha1-96
allow_weak_crypto = true
Weak crypto is DES and permitted is AES. Do you use a mixed AD environment
(2003/2008)? 2003 does not support AES.
Markus
"Ludovit Koren" wrote in message news:86r3ttbn7d.fsf@xxxxxxxxx...
Markus Moeller <huaraz@xxxxxxxxxxxxxxxx> writes:
> Hi Ludovit,
> How did you create the keytab ? Usually there is an option allowing
> you to select the encryption type. The other place to check would be
> /etc/krb5.conf. It can contain a list of supported encryption
> types. See
> http://www.freebsd.org/cgi/man.cgi?query=krb5.conf&apropos=0&sektion=5&manpath=FreeBSD+Ports+10.1-RELEASE&arch=default&format=html
> default_tgs_enctypes, default_tkt_enctypes and permitted_enctypes
Hello,
I am sorry, I was not able to contact the Windows ADS administrator...
I am not able to get the same ciphers in session key and ticket etype.
Here is my /etc/krb5.conf:
[logging]
default = SYSLOG:INFO:USER
kdc = SYSLOG:INFO
kdc = FILE:/var/log/krb.log
admin_server = FILE:/var/log/krb.log
default_keytab_name = FILE:/usr/local/etc/squid/HTTP.keytab
[libdefaults]
default_realm = MDPT.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_etypes = aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes128-cts-hmac-sha1-96
default_tkt_enctypes = aes128-cts-hmac-sha1-96
permitted_enctypes = aes128-cts-hmac-sha1-96
allow_weak_crypto = true
[realms]
MDPT.LOCAL = {
kdc = 10.1.8.21:88
admin_server = 10.1.8.21:464
}
[domain_realm]
.mdpt.local = MDPT.LOCAL
.local = MDPT.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
}
I do not know where to set up the ticket etype on the squid server side.
regards,
lk
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
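
The contradiction pointed out in the reply at the top of this thread can be checked mechanically. The script below is an added example, not part of either message and not Squid or Kerberos project code. It assumes the three single-DES names in `WEAK` stand for "weak crypto", and the function names and the `SAMPLE` text (the enctype lines copied from the posted `[libdefaults]`) are constructed for illustration.

```python
import re

# Assumption of this example: "weak" means the single-DES enctypes,
# following the reply's "weak crypto is des".
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes",
                "permitted_enctypes")

def parse_section(text, wanted):
    """Return {key: value} for the flat settings of one [section]."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == wanted and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found

def audit(text):
    """List mismatches between allow_weak_crypto and the enctype lists."""
    lib = parse_section(text, "libdefaults")
    # Simplification: only "true" and "yes" are read as enabled.
    weak_allowed = lib.get("allow_weak_crypto", "false").lower() in ("true", "yes")
    listed = {k: set(re.split(r"[\s,]+", lib[k])) for k in ENCTYPE_KEYS if k in lib}
    findings = []
    for key, types in listed.items():
        weak = sorted(types & WEAK)
        if weak and not weak_allowed:
            findings.append(f"{key} lists {weak} but allow_weak_crypto is off")
    if weak_allowed and listed and not any(t & WEAK for t in listed.values()):
        findings.append("allow_weak_crypto is on but no weak enctype is listed")
    return findings

# Constructed sample: the enctype settings from the krb5.conf posted above.
SAMPLE = """\
[libdefaults]
default_tgs_enctypes = aes128-cts-hmac-sha1-96
default_tkt_enctypes = aes128-cts-hmac-sha1-96
permitted_enctypes = aes128-cts-hmac-sha1-96
allow_weak_crypto = true
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```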