I have trouble to authenticate Squid3 with kerberos in Samba4 domain. I'm using CentOS 7 and Squid 3.3.8 (yum install squid)
When I type the bellow command in terminal:
/usr/lib64/squid/negotiate_kerberos_auth -d -i -s HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
john xyz@12345
I have the following error:
negotiate_kerberos_auth.cc(315): pid=6364 :2016/08/27 10:44:33| negotiate_kerberos_auth: DEBUG: Got 'john xyz@12345' from squid (length: 14).
negotiate_kerberos_auth.cc(362): pid=6364 :2016/08/27 10:44:33| negotiate_kerberos_auth: ERROR: Invalid request [john xyz@12345]
BH invalid request
Here are my files configuration:
/etc/krb5.conf
[libdefaults]
default_realm = CMS.ENSINO.BR
[realms]
CMS.ENSINO.BR = {
kdc = dc1.cms.ensino.br:88
admin_server = dc1.cms.ensino.br
default_domain = CMS.ENSINO.BR
}
[domain_realm]
.cms.ensino.br = CMS.ENSINO.BR
cms.ensino.br = CMS.ENSINO.BR
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
Keytab name: FILE:/etc/squid/PROXY.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
/etc/sysconfig/squid
# default squid options
SQUID_OPTS=""
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"
KRB5_KTNAME=/etc/squid/PROXY.keytab
export KRB5_KTNAME
/usr/lib64/squid/negotiate_kerberos_auth -d -i -s HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
john xyz@12345
I have the following error:
negotiate_kerberos_auth.cc(315): pid=6364 :2016/08/27 10:44:33| negotiate_kerberos_auth: DEBUG: Got 'john xyz@12345' from squid (length: 14).
negotiate_kerberos_auth.cc(362): pid=6364 :2016/08/27 10:44:33| negotiate_kerberos_auth: ERROR: Invalid request [john xyz@12345]
BH invalid request
Here are my files configuration:
/etc/krb5.conf
[libdefaults]
default_realm = CMS.ENSINO.BR
[realms]
CMS.ENSINO.BR = {
kdc = dc1.cms.ensino.br:88
admin_server = dc1.cms.ensino.br
default_domain = CMS.ENSINO.BR
}
[domain_realm]
.cms.ensino.br = CMS.ENSINO.BR
cms.ensino.br = CMS.ENSINO.BR
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 host/PROXY@xxxxxxxxxxxxx
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 PROXY$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
1 HTTP/PROXY@xxxxxxxxxxxxx
Keytab name: FILE:/etc/squid/PROXY.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 proxy-k$@CMS.ENSINO.BR
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
1 host/proxy.cms.ensino.br@xxxxxxxxxxxxx
/etc/sysconfig/squid
# default squid options
SQUID_OPTS=""
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"
KRB5_KTNAME=/etc/squid/PROXY.keytab
export KRB5_KTNAME
kinit and klist commands are OK.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users