Can you check with an LDAP query (e.g. with ldapadmin from sourceforge) or
search with a filter "(serviceprincipalname=HTTP/fqdn_at_REALM)" if you have
duplicate entries?
This kinit -k -t /etc/squid/squid.keytab HTTP/fqdn_at_REALM.KERBEROS will only
work if the userprincipal name is HTTP/fqdn_at_REALM.KERBEROS which I think is
not the case with ktpass.
Regards
Markus
"Umesh Bodalina" <u.bodalina_at_gmail.com> wrote in message
news:c3b47c041001120741n6c2edf4ftd67dbe4b5cf1e2f0_at_mail.gmail.com...
> Hi,
>
> I'm trying to get the squid helper squid_kerb_auth to work against our
> Active Directory (win 2003 sp2).
>
> I've compiled the latest squid version (squid-2.7.STABLE7) on CentOS 5.4
> 64 bit.
>
> Squid Cache: Version 2.7.STABLE7
> configure options: '--prefix=/usr/local/squid' '--disable-wccp'
> '--disable-wccpv2' '--enable-large-cache-files' '--with-large-files'
> '--enable-delay-pools' '--enable-cachemgr-hostname' '=fqdn'
> '--enable-ntlm-auth-helpers=SMB' '--enable-auth=basic,ntlm,negotiate'
> '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-snmp'
>
>
> A keytab file was created on AD for squid
> (HTTP/squid.domain_at_REALM.KERBEROS)
>
> ktpass -princ HTTP/fqdn_at_REALM -mapuser squiduser
> -pass password -out HTTP.keytab
>
> Transferred the file on the CentOS server and placed it
> in /etc/squid/HTTP.keytab
>
>
> kinit -k -t /etc/squid/squid.keytab HTTP/fqdn_at_REALM.KERBEROS
>
> I get the error message:
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials
>
>
> I've also tried creating the keytab file using
> msktutil or samba according to the following doc:
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
>
> I get the same error.
>
> How do I sort out this problem?
>
> Thanks in advance.
> Regards
> Umesh
>
Received on Tue Jan 12 2010 - 22:51:48 MST
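
Added example, not part of the original thread: a Python sketch of the two checks the reply above asks for, run over LDIF text from an LDAP search. It reports whether more than one account holds the HTTP service principal name and whether any holder's userPrincipalName equals the principal passed to kinit -k. The host names, DNs, realm and the helper names parse_ldif and check_spn are assumptions made for illustration.

```python
# Added example: checks LDIF text such as ldapsearch prints for a query like
#   ldapsearch -H ldap://dc.example.com -b "dc=example,dc=com" \
#     "(servicePrincipalName=HTTP/proxy.example.com)" \
#     servicePrincipalName userPrincipalName
# All host names, DNs and the realm are constructed placeholders.

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (plain-text values only)."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:       # folded continuation line
            current[last][-1] += line[1:]
        elif not line.strip():                  # blank line closes the entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.lower()
            current.setdefault(last, []).append(value.strip())
    return entries

def check_spn(ldif_text, principal):
    """Find accounts holding the SPN and test the userPrincipalName condition."""
    service = principal.split("@")[0].lower()
    holders = [e for e in parse_ldif(ldif_text) if "dn" in e and any(
        v.split("@")[0].lower() == service
        for v in e.get("serviceprincipalname", []))]
    upn_ok = any(u.lower() == principal.lower()
                 for e in holders for u in e.get("userprincipalname", []))
    return {"holders": [e["dn"][0] for e in holders],
            "duplicate": len(holders) > 1,
            "upn_matches": upn_ok}

# Constructed sample: the SPN sits on two accounts and neither UPN matches.
SAMPLE = """\
dn: CN=squiduser,CN=Users,DC=example,DC=com
servicePrincipalName: HTTP/proxy.example.com
userPrincipalName: squiduser@EXAMPLE.COM

dn: CN=PROXY,CN=Computers,DC=example,DC=com
servicePrincipalName: HOST/proxy.example.com
servicePrincipalName: HTTP/proxy.example.com
"""

if __name__ == "__main__":
    print(check_spn(SAMPLE, "HTTP/proxy.example.com@EXAMPLE.COM"))
```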