Which OS and Kerberos version do you have ? There might be some issue with the cache used KEYRING:persistent:0:0
Markus "Olivier CALVANO" <o.calv...@gmail.com> wrote in message news:CAJajPefo3t8b1=_v5pfj3h0gq4jk3oosutw8gnhy7z-gs21...@mail.gmail.com... Hi I request your help because i want use NTLM/Kerberos for authenticate my user. For NTLM, i use Winbind, no problems, [root@gw]# wbinfo -t checking the trust secret for domain MYADDOMAIN via RPC calls succeeded but for Kerberos, i can't create the .keytab [root@gw]# kinit MYUSERNAME Password for myusern...@myaddomain.fr: [root@gw]# klist Ticket cache: KEYRING:persistent:0:0 Default principal: myusern...@myaddomain.fr Valid starting Expires Service principal 02/05/2015 04:51:25 02/05/2015 14:51:25 krbtgt/myaddomain...@myaddomain.fr renew until 09/05/2015 04:51:07 MYUSERNAME is the same account that i join the domain (net join) with winbind after, i put: msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose and i have a error: [root@gw etc]# msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose -- init_password: Wiping the computer password structure -- generate_new_password: Generating a new, random password for the computer account -- generate_new_password: Characters read from /dev/udandom = 84 -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jnxTuG -- reload: Reloading Kerberos Context -- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$ -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database) -- try_machine_keytab_princ: Authentication with keytab failed -- try_machine_keytab_princ: Trying to authenticate for host/gw.srv1-v4.tcy.myinternetdomain.org from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database) -- try_machine_keytab_princ: Authentication with keytab failed -- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password. -- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database) -- try_machine_password: Authentication with password failed -- try_user_creds: Checking if default ticket cache has tickets... -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found) -- try_user_creds: User ticket cache was not valid. Error: could not find any credentials to authenticate with. Neither keytab, default machine password, nor calling user's tickets worked. Try "kinit"ing yourself some tickets with permission to create computer objects, or pre-creating the computer object in AD and selecting 'reset account'. -- ~KRB5Context: Destroying Kerberos Context same error if i change gw.srv1-v4.tcy.myinternetdomain.org to ophtcysrv1v4.myaddomain.fr anyone know the origin of this error ? thanks Olivier -------------------------------------------------------------------------------- _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
