subject:"\[squid\-users\] Re\: No Kerberos Auth"

AW: [squid-users] Re: No Kerberos Auth

2012-11-01 Thread Jarosch, Ralph

OK i found the Problem,
If Kerberos activated I have the following iostat 

Device: rrqm/s   wrqm/s r/s w/srkB/swkB/s avgrq-sz 
avgqu-sz   await  svctm  %util
sda   0,00  1306,600,00  192,20 0,00  5779,2060,14
12,77   59,86   3,34  64,16
dm-0  0,00 0,000,00 1507,40 0,00  6029,60 8,00   
184,16  114,43   0,43  64,20
dm-1  0,00 0,000,000,00 0,00 0,00 0,00 
0,000,00   0,00   0,00
dm-2  0,00 0,000,000,00 0,00 0,00 0,00 
0,000,00   0,00   0,00


if I disable Kerberos

I get something like this.


Device: rrqm/s   wrqm/s r/s w/srkB/swkB/s avgrq-sz 
avgqu-sz   await  svctm  %util
sda   0,00 1,200,000,80 0,00 8,0020,00 
0,018,75   6,50   0,52
dm-0  0,00 0,000,002,00 0,00 8,00 8,00 
0,029,50   2,60   0,52
dm-1  0,00 0,000,000,00 0,00 0,00 0,00 
0,000,00   0,00   0,00
dm-2  0,00 0,000,000,00 0,00 0,00 0,00 
0,000,00   0,00   0,00


So can someone tell me which files are handled by the helper ???


-Ursprüngliche Nachricht-
Von: Jarosch, Ralph [mailto:ralph.jaro...@justiz.niedersachsen.de] 
Gesendet: Donnerstag, 1. November 2012 13:49
An: Jarosch, Ralph; Markus Moeller; squid-users@squid-cache.org
Betreff: AW: [squid-users] Re: No Kerberos Auth

Hello Markus,

i`ve found some answere from you in this thread 
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-kerb-auth-High-CPU-load-td4569213.html
where you wrote that it is better to deactivate the Kerberos replay cache by 
KRB5RCACHETYPE=none export KRB5RCACHETYPE

So I have made this. But when I now look into /var/tmp I see something like this

524289   4 drwxr-xr-x. 21 root  root4096 23. Feb 2012  ..
524658   4 -rw---   1 root  root   6 31. Okt 12:31 host_0
556670 160 -rw---   1 squid squid 159568  1. Nov 13:37 HTTP_23
556440 644 -rw---   1 root  squid 654291  1. Nov 11:51 HTTP--PROXY--2-044_0
556647 420 -rw---   1 squid squid 426700  1. Nov 13:45 HTTP--PROXY--2-044_23
556778 348 -rw---   1 squid squid 355498  1. Nov 13:45 krb5_RC0wgu89
556770 364 -rw---   1 squid squid 371134  1. Nov 13:45 krb5_RC1QKQZZ
556768 416 -rw---   1 squid squid 421926  1. Nov 13:45 krb5_RC2ARJDz
556485 316 -rw---   1 squid squid 322303  1. Nov 13:45 krb5_RC2sAN8f
556531 408 -rw---   1 squid squid 416501  1. Nov 13:45 krb5_RC320K4T
556553 344 -rw---   1 squid squid 350302  1. Nov 13:45 krb5_RC3IzwzV
556454 360 -rw---   1 squid squid 365480  1. Nov 13:45 krb5_RC4EQh3a
556772 344 -rw---   1 squid squid 350507  1. Nov 13:45 krb5_RC6RujE6
556563 364 -rw---   1 squid squid 370475  1. Nov 13:45 krb5_RC6tC21J
556549 408 -rw---   1 squid squid 416501  1. Nov 13:45 krb5_RC80gA4N
556721 416 -rw---   1 squid squid 425832  1. Nov 13:45 krb5_RC978V2v
556701 364 -rw---   1 squid squid 371785  1. Nov 13:45 krb5_RC9XR0Kd
556644   4 -rw---   1 squid squid  6  1. Nov 13:45 krb5_RCaU8YfR
556764 420 -rw---   1 squid squid 426049  1. Nov 13:45 krb5_RCAzy0sk
556659 376 -rw---   1 squid squid 384588  1. Nov 13:45 krb5_RCBiW1Mh
556510 312 -rw---   1 squid squid 316872  1. Nov 13:45 krb5_RCc6zIYF
556508 300 -rw---   1 squid squid 303631  1. Nov 13:45 krb5_RCcaI3VJ
556461 400 -rw---   1 squid squid 406085  1. Nov 13:45 krb5_RCClg8Et
556504 344 -rw---   1 squid squid 348337  1. Nov 13:45 krb5_RCCs6MQJ
556439   4 -rw---   1 squid squid  2  1. Nov 13:45 krb5_RCdo383X
556566 332 -rw---   1 squid squid 338789  1. Nov 13:45 krb5_RCE8GITQ
556578 332 -rw---   1 squid squid 336408  1. Nov 13:45 krb5_RCF9gZsN
556595 460 -rw---   1 squid squid 470968  1. Nov 13:45 krb5_RCFUodDG
556488 416 -rw---   1 squid squid 425832  1. Nov 13:45 krb5_RCGTDiEB
556709 332 -rw---   1 squid squid 337710  1. Nov 13:45 krb5_RCgTwJ3f
556648 348 -rw---   1 squid squid 353328  1. Nov 13:45 krb5_RCisx5n4
556759 380 -rw---   1 squid squid 385890  1. Nov 13:45 krb5_RCJEBAOp
556758 340 -rw---   1 squid squid 344220  1. Nov 13:45 krb5_RCJg0eSd
556432 420 -rw---   1 squid squid 426049  1. Nov 13:45 krb5_RCJj4rHQ
556481 360 -rw---   1 squid squid 367662  1. Nov 13:45 krb5_RCJreSOm
556675 352 -rw---   1 squid squid 359199  1. Nov 13:45 krb5_RCJZYypn
556711 420 -rw---   1 squid squid 426049  1. Nov 13:45 krb5_RCkRw9Ze
556777 340 -rw---   1 squid squid 347469  1. Nov 13:45 krb5_RCL3Tgal
556760 344 -rw---   1 squid squid 350302  1. Nov 13:45 krb5_RCLrZ1Di
556497 408 -rw---   1 squid squid 416501  1. Nov 13:45 krb5_RClv9U8x
556522 364 -rw---   1 squid squid 372736  1. Nov 13:45 krb5_RCN4uERP
556773 396 -rw---   1 squid squid 404335  1. Nov 13:45 krb5_RCNkZeTL
556774 368 -rw---   1 squid squid 375032

AW: [squid-users] Re: No Kerberos Auth

2012-11-01 Thread Jarosch, Ralph

  1. Nov 13:45 krb5_RCVyqbdR
556562 428 -rw---   1 squid squid 435814  1. Nov 13:45 krb5_RCweNiOb
556767 356 -rw---   1 squid squid 363105  1. Nov 13:45 krb5_RCX0E5Nx
556528 380 -rw---   1 squid squid 387184  1. Nov 13:45 krb5_RCxqyzb8
556679 360 -rw---   1 squid squid 365697  1. Nov 13:45 krb5_RCY3iZtC
556769 420 -rw---   1 squid squid 426700  1. Nov 13:45 krb5_RCyBEWeQ
556756 380 -rw---   1 squid squid 386533  1. Nov 13:45 krb5_RCyyMnv4
556757 376 -rw---   1 squid squid 382852  1. Nov 13:45 krb5_RCz2Efgl
556776 340 -rw---   1 squid squid 346167  1. Nov 13:45 krb5_RCz5IwSr
556766 344 -rw---   1 squid squid 349217  1. Nov 13:45 krb5_RCzEkkFY
556436 420 -rw---   1 squid squid 426049  1. Nov 13:45 krb5_RCZoP903


Why is that happen 

Do you know some solution ???

Thank you

Ralph
-Ursprüngliche Nachricht-
Von: Jarosch, Ralph [mailto:ralph.jaro...@justiz.niedersachsen.de] 
Gesendet: Donnerstag, 1. November 2012 11:47
An: Markus Moeller; squid-users@squid-cache.org
Betreff: AW: [squid-users] Re: No Kerberos Auth

Wonderfull now it works  But i`ve got   a little bit slow. 
Is there any limitation how many negotiate_wrapper I can start ?
Actually I use 250 and everyone is still busy 



-Ursprüngliche Nachricht-
Von: Markus Moeller [mailto:hua...@moeller.plus.com]
Gesendet: Mittwoch, 31. Oktober 2012 21:22
An: squid-users@squid-cache.org
Betreff: [squid-users] Re: No Kerberos Auth

Hi Ralph,

If you use NTLM and Kerberos make sure you do NOT use the sam AD account for 
both.  The samba daemon will change the password on a regular basis which will 
bring the keytab out of sync with the AD acccount.

Your proxy will not need any kerberos cache (except if you use my 
squid_kerb_ldap module but it is not the root user cache as you show below).

Markus


"Jarosch, Ralph"  wrote in message 
news:c644cb972edfa3488cfd140b498136231b5e9...@justizcembx14.justiz.niedersachsen.de...
I've found this today. why is the last ticket not renewed ?? Could that point 
the problem

[root@http-proxy ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de

Valid starting ExpiresService principal
10/30/12 14:47:38  10/31/12 00:47:37
krbtgt/justiz.niedersachsen...@justiz.niedersachsen.de
renew until 10/31/12 14:47:38
10/30/12 15:24:49  10/31/12 00:47:37
ldap/justizhadc01.justiz.niedersachsen...@justiz.niedersachsen.de
renew until 10/31/12 14:47:38
10/30/12 15:24:49  10/30/12 15:26:49
kadmin/chang...@justiz.niedersachsen.de
renew until 10/30/12 15:26:49





-Ursprüngliche Nachricht-
Von: Jarosch, Ralph [mailto:ralph.jaro...@justiz.niedersachsen.de]
Gesendet: Dienstag, 30. Oktober 2012 15:27
An: Bastien Ceriani
Cc: squid-users@squid-cache.org
Betreff: AW: [squid-users] No Kerberos Auth

I think encrypte Type is already 28.
This is the output with -- encrypt 28

-- ldap_set_supportedEncryptionTypes: No need to change 
msDs-supportedEncryptionTypes they are 28

Von: Jarosch, Ralph
Gesendet: Dienstag, 30. Oktober 2012 15:24
An: 'Bastien Ceriani'
Cc: squid-users@squid-cache.org
Betreff: AW: [squid-users] No Kerberos Auth

Oh ok.. yes it work fine until ten minute i wrote the mail. There it crashed 
from one minute to the other I'am just troubleshoot the problem..


Von: Bastien Ceriani [mailto:bastien.ceri...@bulkypix.com]
Gesendet: Dienstag, 30. Oktober 2012 15:16
An: Jarosch, Ralph
Cc: squid-users@squid-cache.org
Betreff: Re: [squid-users] No Kerberos Auth

Ok Thx,

With Windows Server 2008 you should use --enctypes 28 parameter with msktutils 
command.

Did your ntlm authentification work fine ? How did you configure it ? With 
Samba/Winbind ?
On Tue, Oct 30, 2012 at 3:08 PM, Jarosch, Ralph 
 wrote:
OK for wireshark i must wait for tonight because no one here can work If enable 
authentication

My keytab

Keytab name: WRFILE:/etc/squid/HTTP.keytab KVNO Timestamp Principal
 - 
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE (arcfour-hmac)
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de
(arcfour-hmac)
6 10/30/12 09:47:42
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de (arcfour-hmac)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de (arcfour-hmac)
6

AW: [squid-users] Re: No Kerberos Auth

2012-11-01 Thread Jarosch, Ralph

Wonderfull now it works  But i`ve got   a little bit slow. 
Is there any limitation how many negotiate_wrapper I can start ?
Actually I use 250 and everyone is still busy 



-Ursprüngliche Nachricht-
Von: Markus Moeller [mailto:hua...@moeller.plus.com] 
Gesendet: Mittwoch, 31. Oktober 2012 21:22
An: squid-users@squid-cache.org
Betreff: [squid-users] Re: No Kerberos Auth

Hi Ralph,

If you use NTLM and Kerberos make sure you do NOT use the sam AD account for 
both.  The samba daemon will change the password on a regular basis which will 
bring the keytab out of sync with the AD acccount.

Your proxy will not need any kerberos cache (except if you use my 
squid_kerb_ldap module but it is not the root user cache as you show below).

Markus


"Jarosch, Ralph"  wrote in message 
news:c644cb972edfa3488cfd140b498136231b5e9...@justizcembx14.justiz.niedersachsen.de...
I've found this today. why is the last ticket not renewed ?? Could that point 
the problem

[root@http-proxy ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de

Valid starting ExpiresService principal
10/30/12 14:47:38  10/31/12 00:47:37
krbtgt/justiz.niedersachsen...@justiz.niedersachsen.de
renew until 10/31/12 14:47:38
10/30/12 15:24:49  10/31/12 00:47:37
ldap/justizhadc01.justiz.niedersachsen...@justiz.niedersachsen.de
renew until 10/31/12 14:47:38
10/30/12 15:24:49  10/30/12 15:26:49
kadmin/chang...@justiz.niedersachsen.de
renew until 10/30/12 15:26:49





-Ursprüngliche Nachricht-
Von: Jarosch, Ralph [mailto:ralph.jaro...@justiz.niedersachsen.de]
Gesendet: Dienstag, 30. Oktober 2012 15:27
An: Bastien Ceriani
Cc: squid-users@squid-cache.org
Betreff: AW: [squid-users] No Kerberos Auth

I think encrypte Type is already 28.
This is the output with -- encrypt 28

-- ldap_set_supportedEncryptionTypes: No need to change 
msDs-supportedEncryptionTypes they are 28

Von: Jarosch, Ralph
Gesendet: Dienstag, 30. Oktober 2012 15:24
An: 'Bastien Ceriani'
Cc: squid-users@squid-cache.org
Betreff: AW: [squid-users] No Kerberos Auth

Oh ok.. yes it work fine until ten minute i wrote the mail. There it crashed 
from one minute to the other I'am just troubleshoot the problem..


Von: Bastien Ceriani [mailto:bastien.ceri...@bulkypix.com]
Gesendet: Dienstag, 30. Oktober 2012 15:16
An: Jarosch, Ralph
Cc: squid-users@squid-cache.org
Betreff: Re: [squid-users] No Kerberos Auth

Ok Thx,

With Windows Server 2008 you should use --enctypes 28 parameter with 
msktutils command.

Did your ntlm authentification work fine ? How did you configure it ? With 
Samba/Winbind ?
On Tue, Oct 30, 2012 at 3:08 PM, Jarosch, Ralph 
 wrote:
OK for wireshark i must wait for tonight because no one here can work If 
enable authentication

My keytab

Keytab name: WRFILE:/etc/squid/HTTP.keytab KVNO Timestamp Principal
 - 
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE (arcfour-hmac)
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE 
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de 
(arcfour-hmac)
6 10/30/12 09:47:42 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de 
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de (arcfour-hmac)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de 
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de (arcfour-hmac)
6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de 
(aes256-cts-hmac-sha1-96)


My Squid.conf


auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -d -i -s 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de
auth_param negotiate children 100
auth_param negotiate keep_alive on


auth_param ntlm keep_alive on
auth_param ntlm program 
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 200

#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program 
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic 
children 200 auth_param basic realm Squid proxy-caching web server 
auth_param basic credentialsttl 5 hours


and my msktutil

msktutil -c -b "OU=Sonstige Server,OU=Globale 
Dienste,DC=justiz,DC=niedersachsen,DC=de" -s 
HTTP/http-proxy.justiz.niedersachsen.de -h 
http-proxy.justiz.niedersachsen.de -k /etc/HTTP.keytab --c

[squid-users] Re: No Kerberos Auth

2012-10-31 Thread Markus Moeller


Hi Ralph,

If you use NTLM and Kerberos make sure you do NOT use the sam AD account for 
both.  The samba daemon will change the password on a regular basis which 
will bring the keytab out of sync with the AD acccount.


Your proxy will not need any kerberos cache (except if you use my 
squid_kerb_ldap module but it is not the root user cache as you show below).


Markus


"Jarosch, Ralph"  wrote in message 
news:c644cb972edfa3488cfd140b498136231b5e9...@justizcembx14.justiz.niedersachsen.de...
I've found this today. why is the last ticket not renewed ?? Could that 
point the problem


[root@http-proxy ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de


Valid starting ExpiresService principal
10/30/12 14:47:38  10/31/12 00:47:37 
krbtgt/justiz.niedersachsen...@justiz.niedersachsen.de

   renew until 10/31/12 14:47:38
10/30/12 15:24:49  10/31/12 00:47:37 
ldap/justizhadc01.justiz.niedersachsen...@justiz.niedersachsen.de

   renew until 10/31/12 14:47:38
10/30/12 15:24:49  10/30/12 15:26:49 
kadmin/chang...@justiz.niedersachsen.de

   renew until 10/30/12 15:26:49





-Ursprüngliche Nachricht-
Von: Jarosch, Ralph [mailto:ralph.jaro...@justiz.niedersachsen.de]
Gesendet: Dienstag, 30. Oktober 2012 15:27
An: Bastien Ceriani
Cc: squid-users@squid-cache.org
Betreff: AW: [squid-users] No Kerberos Auth

I think encrypte Type is already 28.
This is the output with -- encrypt 28

-- ldap_set_supportedEncryptionTypes: No need to change 
msDs-supportedEncryptionTypes they are 28


Von: Jarosch, Ralph
Gesendet: Dienstag, 30. Oktober 2012 15:24
An: 'Bastien Ceriani'
Cc: squid-users@squid-cache.org
Betreff: AW: [squid-users] No Kerberos Auth

Oh ok.. yes it work fine until ten minute i wrote the mail. There it crashed 
from one minute to the other I'am just troubleshoot the problem..



Von: Bastien Ceriani [mailto:bastien.ceri...@bulkypix.com]
Gesendet: Dienstag, 30. Oktober 2012 15:16
An: Jarosch, Ralph
Cc: squid-users@squid-cache.org
Betreff: Re: [squid-users] No Kerberos Auth

Ok Thx,

With Windows Server 2008 you should use --enctypes 28 parameter with 
msktutils command.


Did your ntlm authentification work fine ? How did you configure it ? With 
Samba/Winbind ?
On Tue, Oct 30, 2012 at 3:08 PM, Jarosch, Ralph 
 wrote:
OK for wireshark i must wait for tonight because no one here can work If 
enable authentication


My keytab

Keytab name: WRFILE:/etc/squid/HTTP.keytab KVNO Timestamp Principal
 - 
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE (arcfour-hmac)
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 http-proxy$@JUSTIZ.NIEDERSACHSEN.DE 
(aes256-cts-hmac-sha1-96)
6 10/30/12 09:47:42 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de 
(arcfour-hmac)
6 10/30/12 09:47:42 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de 
(aes256-cts-hmac-sha1-96)

6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de (arcfour-hmac)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HTTP/http-pr...@justiz.niedersachsen.de 
(aes256-cts-hmac-sha1-96)

6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de (arcfour-hmac)
6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de 
(aes128-cts-hmac-sha1-96)
6 10/30/12 09:47:42 HOST/http-pr...@justiz.niedersachsen.de 
(aes256-cts-hmac-sha1-96)



My Squid.conf


auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -d -i -s 
HTTP/http-proxy.justiz.niedersachsen...@justiz.niedersachsen.de

auth_param negotiate children 100
auth_param negotiate keep_alive on


auth_param ntlm keep_alive on
auth_param ntlm program 
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

auth_param ntlm children 200

#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program 
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic 
children 200 auth_param basic realm Squid proxy-caching web server 
auth_param basic credentialsttl 5 hours



and my msktutil

msktutil -c -b "OU=Sonstige Server,OU=Globale 
Dienste,DC=justiz,DC=niedersachsen,DC=de" -s 
HTTP/http-proxy.justiz.niedersachsen.de -h 
http-proxy.justiz.niedersachsen.de -k /etc/HTTP.keytab --computer-name 
http-proxy --upn HTTP/http-proxy.justiz.niedersachsen.de --server 
justizhadc01.justiz.niedersachsen.de --verbose




We use Windows 2008 R2 Server


Von: Bastien Ceriani [mailto:bastien.ceri...@bulkypix.com]
Gesendet: Dienstag, 30. Oktober 2012 15:00
An: Jarosch, Ralph
Betreff: Re: [squid-users] No Kerberos Auth

I'm in the same case..
Try to check kerberos TGS REQ and TGS REP with wireshark ?

Can you display :
- your

AW: [squid-users] Re: No Kerberos Auth

AW: [squid-users] Re: No Kerberos Auth

AW: [squid-users] Re: No Kerberos Auth

[squid-users] Re: No Kerberos Auth

4 matches

Site Navigation

Mail list logo

Footer information