Search squid archive

Re: Kerberos - Cannot decrypt ticket for HTTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi David,
 
Thanks for your advice but it doesn't help me. I use AD account which haven't set these parameters.
 
Misha.
 
17.11.2022, 10:07, "David Touzeau" <david@xxxxxxxxxxxxxx>:
Hi

perhaps this one
https://wiki.articatech.com/en/proxy-service/troubleshooting/gss-cannot-decrypt-ticket


 
Le 16/11/2022 à 05:11, Михаил a écrit :
Hi everybody,
 
Could you help me to setup my new squid server? I have a problem with keytab authorization.
 
2022/11/16 11:35:39| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information. Cannot decrypt ticket for HTTP/uisproxy-rop.***.***.corp@***.***.CORP using keytab key for HTTP/uisproxy-rop.***.***.corp@***.**.CORP; }}
Got NTLMSSP neg_flags=0xe2088297
2022/11/16 11:35:40| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information. Cannot decrypt ticket for HTTP/uisproxy-rop.***.***.corp@***.***.CORP using keytab key for HTTP/uisproxy-rop.***.***.corp@***.***.CORP; }}
 
# kinit -V -k -t /etc/squid/keytab/uisproxy-rop-t.keytab HTTP/uisproxy-rop.***.***.corp
Using default cache: /tmp/krb5cc_0
Using keytab: /etc/squid/keytab/uisproxy-rop-t.keytab
Authenticated to Kerberos v5
 
# klist -ke /etc/squid/keytab/uisproxy-rop-t.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 uisproxy-rop-t$@***.***.CORP (arcfour-hmac)
   3 uisproxy-rop-t$@***.***.CORP (aes128-cts-hmac-sha1-96)
   3 uisproxy-rop-t$@***.***.CORP (aes256-cts-hmac-sha1-96)
   3 UISPROXY-ROP-T$@***.***.CORP (arcfour-hmac)
   3 UISPROXY-ROP-T$@***.***.CORP (aes128-cts-hmac-sha1-96)
   3 UISPROXY-ROP-T$@***.***.CORP (aes256-cts-hmac-sha1-96)
   3 HTTP/uisproxy-rop.***.***.corp@***.***.CORP (aes128-cts-hmac-sha1-96)
   3 HTTP/uisproxy-rop.***.***.corp@***.***.CORP (aes256-cts-hmac-sha1-96)
   3 host/uisproxy-rop@***.***.CORP (arcfour-hmac)
   3 host/uisproxy-rop@***.***.CORP (aes128-cts-hmac-sha1-96)
   3 host/uisproxy-rop@***.***.CORP (aes256-cts-hmac-sha1-96)
 
# klist -kt
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   3 11/16/2022 11:30:50 uisproxy-rop-t$@***.***.CORP
   3 11/16/2022 11:30:50 uisproxy-rop-t$@***.***.CORP
   3 11/16/2022 11:30:50 uisproxy-rop-t$@***.***.CORP
   3 11/16/2022 11:30:50 UISPROXY-ROP-T$@***.***.CORP
   3 11/16/2022 11:30:50 UISPROXY-ROP-T$@***.***.CORP
   3 11/16/2022 11:30:50 UISPROXY-ROP-T$@***.***.CORP
   3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP
   3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP
   3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP
 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
 
-- 
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www: https://wiki.articatech.com
www: http://articatech.net 
,

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux