[squid-users] Trouble negotiate_kerberos_auth

Sat, 27 Aug 2016 09:33:05 -0700 

I have trouble to authenticate Squid3 with kerberos in Samba4 domain. I'm
using CentOS 7 and Squid 3.3.8 (yum install squid)

When I type the bellow command in terminal:
/usr/lib64/squid/negotiate_kerberos_auth -d -i -s HTTP/
proxy.cms.ensino...@cms.ensino.br
john xyz@12345

I have the following error:
negotiate_kerberos_auth.cc(315): pid=6364 :2016/08/27 10:44:33|
negotiate_kerberos_auth: DEBUG: Got 'john xyz@12345' from squid (length:
14).
negotiate_kerberos_auth.cc(362): pid=6364 :2016/08/27 10:44:33|
negotiate_kerberos_auth: ERROR: Invalid request [john xyz@12345]
BH invalid request


Here are my files configuration:

/etc/krb5.conf
[libdefaults]
    default_realm = CMS.ENSINO.BR
[realms]
    CMS.ENSINO.BR = {
    kdc = dc1.cms.ensino.br:88
    admin_server = dc1.cms.ensino.br
    default_domain = CMS.ENSINO.BR
    }
[domain_realm]
    .cms.ensino.br = CMS.ENSINO.BR
    cms.ensino.br = CMS.ENSINO.BR



Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   1 proxy-k$@CMS.ENSINO.BR
   1 proxy-k$@CMS.ENSINO.BR
   1 proxy-k$@CMS.ENSINO.BR
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/pr...@cms.ensino.br
   1 host/pr...@cms.ensino.br
   1 host/pr...@cms.ensino.br
   1 host/pr...@cms.ensino.br
   1 host/pr...@cms.ensino.br
   1 PROXY$@CMS.ENSINO.BR
   1 PROXY$@CMS.ENSINO.BR
   1 PROXY$@CMS.ENSINO.BR
   1 PROXY$@CMS.ENSINO.BR
   1 PROXY$@CMS.ENSINO.BR
   1 proxy-k$@CMS.ENSINO.BR
   1 proxy-k$@CMS.ENSINO.BR
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 HTTP/pr...@cms.ensino.br
   1 HTTP/pr...@cms.ensino.br
   1 HTTP/pr...@cms.ensino.br
   1 HTTP/pr...@cms.ensino.br
   1 HTTP/pr...@cms.ensino.br


Keytab name: FILE:/etc/squid/PROXY.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   1 proxy-k$@CMS.ENSINO.BR
   1 proxy-k$@CMS.ENSINO.BR
   1 proxy-k$@CMS.ENSINO.BR
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 HTTP/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br
   1 host/proxy.cms.ensino...@cms.ensino.br


/etc/sysconfig/squid
# default squid options
SQUID_OPTS=""
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"

KRB5_KTNAME=/etc/squid/PROXY.keytab
export KRB5_KTNAME


kinit and klist commands are OK.

Best Regards,

Márcio

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to