Hi Emmanuel,
You did not use -s GSS_C_NO_NAME as I mentioned in my first mail did you
?
Regards
Markus
"Emmanuel Lesouef" <e.lesouef_at_crbn.fr> wrote in message
news:20100608100923.7ee7ee6a_at_nienor.local...
Le Tue, 8 Jun 2010 00:21:11 +0100,
"Markus Moeller" <huaraz_at_moeller.plus.com> a écrit :
> Hi Emmanuel,
>
> Can you resolve proxy.xx.yy and then resolve the ip-address you
> get to a name ?
>
> Markus
I couldn't, so I made some PTR records and now I have a working keytab
with the following msktuil command line :
msktutil -c -b "CN=COMPUTERS" -s HTTP/proxy.xx.yy -h
proxy.xx.yy -k /etc/squid/SQUID.keytab --computer-name proxy --upn
HTTP/proxy.xx.yy --server dc1.xx.yy --verbose
NTLM auth works great, but not the Kerberos one, with the following
lines in squid.conf :
auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on
Here is what I got in cache.log :
2010/06/08 10:02:20| squid_kerb_auth: parseNegTokenInit failed with
rc=102
2010/06/08 10:02:20| squid_kerb_auth: gss_acquire_cred() failed:
Unspecified GSS failure. Minor code may provide more information. No
principal in keytab matches desired name
I suppose there is something missing. But what ?
Thanks for your help.
-- Emmanuel LesouefReceived on Tue Jun 08 2010 - 18:50:24 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 25 2010 - 12:00:04 MDT