Hi. I'm having problems with Kerberos. I cannot do the keytab...

kinit squid (all good)
------------------------------------------------------------
klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: squid@xxxxxxxxxxx

Valid starting       Expires              Service principal
22/08/16 13:17:55    22/08/16 23:17:55    krbtgt/xxxxxx.LAN@xxxxxxxxx
(THIS IS NOT STRANGE???!--- I mean krbtgt/*EXAMPLE.LAN@xxxxxxxxxxx*)
        renew until 23/08/16 13:17:51
------------------------------------------------------------
msktutil -c -b "CN=Computers" -s HTTP/squid.xxxxx.lan -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn HTTP/squid.xxxxxx.lan --server d02.xxxxxx.lan --verbose --enctypes 28

 -- init_password: Wiping the computer password structure
 -- generate_new_password: Generating a new, random password for the computer account
 -- generate_new_password: Characters read from /dev/udandom = 84
 -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-cfazrB
 -- reload: Reloading Kerberos Context
 -- finalize_exec: SAM Account Name is: SQUIDPROXY-K$
 -- try_machine_keytab_princ: Trying to authenticate for SQUIDPROXY-K$ from local keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for host/localhost from local keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_password: Trying to authenticate for SQUIDPROXY-K$ with password.
 -- create_default_machine_password: Default machine password for SQUIDPROXY-K$ is squidproxy-k
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_machine_password: Authentication with password failed
 -- try_user_creds: Checking if default ticket cache has tickets...
 -- finalize_exec: Authenticated using method 4
 -- ldap_connect: Connecting to LDAP server: d02.xxxxxx.lan try_tls=YES
 -- ldap_connect: Connecting to LDAP server: d02.xxxxxx.lan try_tls=NO
SASL/GSSAPI authentication started
SASL username: squid@xxxxxxxxxx
SASL SSF: 56
SASL data security layer installed.
 -- ldap_connect: LDAP_OPT_X_SASL_SSF=56
 -- ldap_get_base_dn: Determining default LDAP base: dc=xxxxxxx,dc=LAN
 -- ldap_check_account: Checking that a computer account for SQUIDPROXY-K$ exists
 -- ldap_check_account: Computer account not found, create the account
No computer account for SQUIDPROXY-K found, creating a new one.
dn: cn=SQUIDPROXY-K,CN=Computers,dc=xxxxx,dc=LAN
Error: ldap_add_ext_s failed (Insufficient access)
 -- ~KRB5Context: Destroying Kerberos Context
------------------------------------------------------------
/etc/krb5.conf

[libdefaults]
    default_realm = XXXXXXX.LAN
    dns_lookup_kdc = no
    dns_lookup_realm = no
    ticket_lifetime = 24h
    default_keytab_name = /etc/squid/PROXY.keytab

; for Windows 2003
;    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
;    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
;    permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

; for Windows 2008 with AES
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5

[realms]
    EMPDHPR.LAN = {
        kdc = d02.xxxxxx.lan
        admin_server = d02.xxxxxxx.lan
        default_domain = xxxxxxxx.lan
    }

What can I do? Is any other info necessary?