|
So this worked ?
Markus
"Olivier CALVANO" <o.calvano@xxxxxxxxx> wrote in message
news:CAJajPeddju9t4QAiPSmT-5JUsn4Gf6Nj0Pff3JBJ+BzXzTXOUQ@xxxxxxxxxxxxxx... hoo i have deleted "--enctypes 28" and now:[root@gw msktutil-1.0rc1]# ./msktutil -c -b "CN=COMPUTERS" -s HTTP/ophtcysrv1v4.myaddomain.fr -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/ophtcysrv1v4.myaddomain.fr --server myad.myaddomain.fr --verbose -- init_password: Wiping the computer password structure -- generate_new_password: Generating a new, random password for the computer account -- generate_new_password: Characters read from /dev/urandom = 94 -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-RyUQcT -- reload: Reloading Kerberos Context -- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$ -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (No such file or directory) -- try_machine_keytab_princ: Authentication with keytab failed -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (No such file or directory) -- try_machine_keytab_princ: Authentication with keytab failed -- try_machine_keytab_princ: Trying to authenticate for host/mydnshostname.fr from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database) -- try_machine_keytab_princ: Authentication with keytab failed -- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password. -- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Preauthentication failed) -- try_machine_password: Authentication with password failed -- try_user_creds: Checking if default ticket cache has tickets... -- finalize_exec: Authenticated using method 5 -- LDAPConnection: Connecting to LDAP server: myad.myaddomain.fr SASL/GSSAPI authentication started SASL username: Myusername@xxxxxxxxxxxxx SASL SSF: 56 SASL data security layer installed. -- ldap_get_base_dn: Determining default LDAP base: dc=SODIAAL,dc=FR -- ldap_check_account: Checking that a computer account for OPHTCYSRV1V4-K$ exists -- ldap_check_account: Checking computer account - found -- ldap_check_account: Found userAccountControl = 0x1000 -- ldap_check_account: Found supportedEncryptionTypes = 28 -- ldap_check_account: Found dNSHostName = mydnshostname.fr -- ldap_check_account: userPrincipal specified on command line -- ldap_check_account_strings: Inspecting (and updating) computer account attributes -- ldap_check_account_strings: Found userPrincipalName = HTTP/ophtcysrv1v4.myaddomain.fr@xxxxxxxxxxxxx -- ldap_check_account_strings: userPrincipalName should be HTTP/ophtcysrv1v4.myaddomain.fr@xxxxxxxxxxxxx -- ldap_check_account_strings: Nothing to do -- ldap_set_supportedEncryptionTypes: No need to change msDs-supportedEncryptionTypes they are 28 -- ldap_set_userAccountControl_flag: Setting userAccountControl bit at 0x200000 to 0x0 -- ldap_set_userAccountControl_flag: userAccountControl not changed 0x1000 -- ldap_get_kvno: KVNO is 1 -- set_password: Attempting to reset computer's password -- set_password: Try change password using user's ticket cache -- ldap_get_pwdLastSet: pwdLastSet is 130751472429170776 -- set_password: Successfully set password. -- ldap_add_principal: Checking that adding principal HTTP/ophtcysrv1v4.myaddomain.fr to OPHTCYSRV1V4-K$ won't cause a conflict -- ldap_add_principal: Adding principal HTTP/ophtcysrv1v4.myaddomain.fr to LDAP entry -- ldap_add_principal: Checking that adding principal host/mydnshostname.fr to OPHTCYSRV1V4-K$ won't cause a conflict -- ldap_add_principal: Adding principal host/mydnshostname.fr to LDAP entry -- execute: Updating all entries for mydnshostname.fr in the keytab WRFILE:/etc/squid/PROXY.keytab -- update_keytab: Updating all entries for OPHTCYSRV1V4-K$ -- add_principal_keytab: Adding principal to keytab: OPHTCYSRV1V4-K$ -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x17 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x11 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x12 -- add_principal_keytab: Adding principal to keytab: OPHTCYSRV1V4-K$ -- add_principal_keytab: Removing entries with kvno < 0 -- add_principal_keytab: Deleting OPHTCYSRV1V4-K$@myaddomain.fr kvno=2, enctype=23 -- add_principal_keytab: Deleting OPHTCYSRV1V4-K$@myaddomain.fr kvno=2, enctype=17 -- add_principal_keytab: Deleting OPHTCYSRV1V4-K$@myaddomain.fr kvno=2, enctype=18 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x17 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x11 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x12 -- add_principal_keytab: Adding principal to keytab: HTTP/ophtcysrv1v4.myaddomain.fr -- add_principal_keytab: Removing entries with kvno < 0 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x17 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x11 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x12 -- add_principal_keytab: Adding principal to keytab: host/OPHTCYSRV1V4-K -- add_principal_keytab: Removing entries with kvno < 0 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x17 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x11 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x12 -- update_keytab: Entries for SPN HTTP/ophtcysrv1v4.myaddomain.fr have already been added. Skipping ... -- add_principal_keytab: Adding principal to keytab: host/mydnshostname.fr -- add_principal_keytab: Removing entries with kvno < 0 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x17 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x11 -- add_principal_keytab: Using salt of myaddomain.frhostophtcysrv1v4-k.myaddomain.fr -- add_principal_keytab: Adding entry of enctype 0x12 -- wait_for_new_kvno: Checking new kvno via ldap -- ldap_get_kvno: KVNO is 1 Waiting for account replication (0 seconds past) -- ldap_get_kvno: KVNO is 2 -- ~KRB5Context: Destroying Kerberos Context 2015-05-03 13:25 GMT+02:00 Markus Moeller <huaraz@xxxxxxxxxxxxxxxx>:
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
