Anyone?

On Saturday, 2 May 2015, Olivier CALVANO <o.calv...@gmail.com> wrote:
> Hi
>
> I am asking for your help because I want to use NTLM/Kerberos to
> authenticate my user.
>
> For NTLM, I use Winbind, no problems:
>
> [root@gw]# wbinfo -t
> checking the trust secret for domain MYADDOMAIN via RPC calls succeeded
>
> But for Kerberos, I can't create the .keytab:
>
> [root@gw]# kinit MYUSERNAME
> Password for myusern...@myaddomain.fr:
>
> [root@gw]# klist
> Ticket cache: KEYRING:persistent:0:0
> Default principal: myusern...@myaddomain.fr
>
> Valid starting       Expires              Service principal
> 02/05/2015 04:51:25  02/05/2015 14:51:25  krbtgt/myaddomain...@myaddomain.fr
>         renew until 09/05/2015 04:51:07
>
> MYUSERNAME is the same account that I used to join the domain (net join)
> with winbind.
>
> After that, I ran:
>
> msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
>
> and I get an error:
>
> [root@gw etc]# msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
>  -- init_password: Wiping the computer password structure
>  -- generate_new_password: Generating a new, random password for the computer account
>  -- generate_new_password: Characters read from /dev/udandom = 84
>  -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jnxTuG
>  -- reload: Reloading Kerberos Context
>  -- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$
>  -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
>  -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>  -- try_machine_keytab_princ: Authentication with keytab failed
>  -- try_machine_keytab_princ: Trying to authenticate for host/gw.srv1-v4.tcy.myinternetdomain.org from local keytab...
>  -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>  -- try_machine_keytab_princ: Authentication with keytab failed
>  -- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password.
>  -- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k
>  -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>  -- try_machine_password: Authentication with password failed
>  -- try_user_creds: Checking if default ticket cache has tickets...
>  -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
>  -- try_user_creds: User ticket cache was not valid.
> Error: could not find any credentials to authenticate with. Neither keytab,
>      default machine password, nor calling user's tickets worked. Try
>      "kinit"ing yourself some tickets with permission to create computer
>      objects, or pre-creating the computer object in AD and selecting
>      'reset account'.
>  -- ~KRB5Context: Destroying Kerberos Context
>
> I get the same error if I change gw.srv1-v4.tcy.myinternetdomain.org to
> ophtcysrv1v4.myaddomain.fr.
>
> Does anyone know the origin of this error?
>
> Thanks,
> Olivier
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users