Hi David,
Thanks for your advice but it doesn't help me. I use AD account which haven't set these parameters.
Misha.
17.11.2022, 10:07, "David Touzeau" <david@xxxxxxxxxxxxxx>:
Hi,
perhaps this one
https://wiki.articatech.com/en/proxy-service/troubleshooting/gss-cannot-decrypt-ticket
Le 16/11/2022 à 05:11, Михаил a écrit :Hi everybody,Could you help me to setup my new squid server? I have a problem with keytab authorization.2022/11/16 11:35:39| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Cannot decrypt ticket for HTTP/uisproxy-rop.***.***.corp@***.***.CORP using keytab key for HTTP/uisproxy-rop.***.***.corp@***.**.CORP; }}Got NTLMSSP neg_flags=0xe20882972022/11/16 11:35:40| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Cannot decrypt ticket for HTTP/uisproxy-rop.***.***.corp@***.***.CORP using keytab key for HTTP/uisproxy-rop.***.***.corp@***.***.CORP; }}# kinit -V -k -t /etc/squid/keytab/uisproxy-rop-t.keytab HTTP/uisproxy-rop.***.***.corpUsing default cache: /tmp/krb5cc_0Using principal: HTTP/uisproxy-rop.***.***.corp@***.***.CORPUsing keytab: /etc/squid/keytab/uisproxy-rop-t.keytabAuthenticated to Kerberos v5# klist -ke /etc/squid/keytab/uisproxy-rop-t.keytabKeytab name: FILE:/etc/squid/keytab/uisproxy-rop-t.keytabKVNO Principal---- --------------------------------------------------------------------------3 uisproxy-rop-t$@***.***.CORP (arcfour-hmac)3 uisproxy-rop-t$@***.***.CORP (aes128-cts-hmac-sha1-96)3 uisproxy-rop-t$@***.***.CORP (aes256-cts-hmac-sha1-96)3 UISPROXY-ROP-T$@***.***.CORP (arcfour-hmac)3 UISPROXY-ROP-T$@***.***.CORP (aes128-cts-hmac-sha1-96)3 UISPROXY-ROP-T$@***.***.CORP (aes256-cts-hmac-sha1-96)3 HTTP/uisproxy-rop.***.***.corp@***.***.CORP (arcfour-hmac)3 HTTP/uisproxy-rop.***.***.corp@***.***.CORP (aes128-cts-hmac-sha1-96)3 HTTP/uisproxy-rop.***.***.corp@***.***.CORP (aes256-cts-hmac-sha1-96)3 host/uisproxy-rop@***.***.CORP (arcfour-hmac)3 host/uisproxy-rop@***.***.CORP (aes128-cts-hmac-sha1-96)3 host/uisproxy-rop@***.***.CORP (aes256-cts-hmac-sha1-96)# klist -ktKeytab name: FILE:/etc/squid/keytab/uisproxy-rop-t.keytabKVNO Timestamp Principal---- ------------------- ------------------------------------------------------3 11/16/2022 11:30:50 uisproxy-rop-t$@***.***.CORP3 11/16/2022 11:30:50 uisproxy-rop-t$@***.***.CORP3 11/16/2022 11:30:50 uisproxy-rop-t$@***.***.CORP3 11/16/2022 11:30:50 UISPROXY-ROP-T$@***.***.CORP3 11/16/2022 11:30:50 UISPROXY-ROP-T$@***.***.CORP3 11/16/2022 11:30:50 UISPROXY-ROP-T$@***.***.CORP3 11/16/2022 11:30:50 HTTP/uisproxy-rop.***.***.corp@***.***.CORP3 11/16/2022 11:30:50 HTTP/uisproxy-rop.***.***.corp@***.***.CORP3 11/16/2022 11:30:50 HTTP/uisproxy-rop.***.***.corp@***.***.CORP3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users-- David Touzeau - Artica Tech France Development team, level 3 support ---------------------------------- P: +33 6 58 44 69 46 www: https://wiki.articatech.com www: http://articatech.net_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users