Re: Problem with Kerberos ticket keytab

[Flashdown <flashdown@xxxxxxxxxxxxx>]

I am answering to fast, but I am writing in my little break, so sorry 
for that :D forget my last mail regarding "to call it correctly" that 
was misleading and wrong. sure you are talking about the HTTP SPN which 
have the same KVNO. So if you want to get rid of it delete the computer 
object, as your are updating all the SPN's that the Computer Object 
holds. If you use the Attribut-Editor you may can modify the Attribut 
servicePrincipalName and delete the wrong one and recreate the keytab 
afterwards, without deleting the Computer Object at all.



Am 2018-02-05 16:39, schrieb Flashdown:
> Just to call it correctly, what is wrong is the host principle after
> you have deleted the computer object and waited for the object to
> disappear on other DC's as well (if you have replication between dc's)
> and rejoined it, it should be as you want it to be. Hope this helps
> with your setup.
>
> Am 5. Februar 2018 16:12:29 MEZ schrieb Flashdown
> <flashdown@xxxxxxxxxxxxx>:
>
> > Delete the Computer Object in Active Directory to clear these spn's
> > up.
> >
> > Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9
> > <erdosain9@xxxxxxxxx>:
> >
> > > Hi to all.
> > >
> > > The squid was working fine, but i made a mistake and... delete the
> > > proxy.keytab. I try to do it again, but make a mistake in the
> > > syntax
> > >
> > > wrong syntax (the real name is not squidproxy.domain.lan is
> > > squid.domain.lan):
> > >
> > > msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
> > > /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
> > > HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose
> > > --enctypes 28
> > >
> > > now i put well the syntax, but the keytab is wrong... why??
> > >
> > > well syntax:
> > >
> > > msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h
> > > squid.domain.lan
> > > -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
> > > HTTP/squid.domain.lan --server adw-1.domain.lan --verbose
> > > --enctypes 28
> > >
> > > [root@squid squid]# ktutil
> > > ktutil:  read_kt PROXY.keytab
> > > ktutil:  l
> > > slot KVNO Principal
> > > ---- ----
> > >
> > > -------------------------
> > >
> > > 1   18                 squidproxy-k$@DOMAIN.LAN
> > > 2   18                 squidproxy-k$@DOMAIN.LAN
> > > 3   18                 squidproxy-k$@DOMAIN.LAN
> > > 4   18    HTTP/squidproxy.DOMAIN.lan@xxxxxxxxxx
> > > 5   18    HTTP/squidproxy.DOMAIN.lan@xxxxxxxxxx
> > > 6   18    HTTP/squidproxy.DOMAIN.lan@xxxxxxxxxx
> > > 7   18         host/squid.DOMAIN.lan@xxxxxxxxxx
> > > 8   18         host/squid.DOMAIN.lan@xxxxxxxxxx
> > > 9   18         host/squid.DOMAIN.lan@xxxxxxxxxx
> > > 10   18         HTTP/squid.DOMAIN.lan@xxxxxxxxxx
> > > 11   18         HTTP/squid.DOMAIN.lan@xxxxxxxxxx
> > > 12   18         HTTP/squid.DOMAIN.lan@xxxxxxxxxx
> > >
> > > Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???
> > >
> > > Thanks to all!!
> > >
> > > --
> > > Sent from:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
> > > -------------------------
> > >
> > > squid-users mailing list
> > > squid-users@xxxxxxxxxxxxxxxxxxxxx
> > > http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users