Hi
Thanks for your answer.

CentOS Linux release 7.1.1503 (Core)
krb5-workstation-1.12.2-14.el7.x86_64
krb5-libs-1.12.2-14.el7.x86_64

regards
olivier

2015-05-03 0:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>:

> Which OS and Kerberos version do you have? There might be some issue
> with the cache used KEYRING:persistent:0:0
>
> Markus
>
> "Olivier CALVANO" <o.calv...@gmail.com> wrote in message
> news:CAJajPefo3t8b1=_v5pfj3h0gq4jk3oosutw8gnhy7z-gs21...@mail.gmail.com...
> Hi
>
> I request your help because I want to use NTLM/Kerberos to authenticate my
> user.
>
> For NTLM, I use Winbind, no problems,
>
> [root@gw]# wbinfo -t
> checking the trust secret for domain MYADDOMAIN via RPC calls succeeded
>
> but for Kerberos, I can't create the .keytab
>
> [root@gw]# kinit MYUSERNAME
> Password for myusern...@myaddomain.fr:
>
> [root@gw]# klist
> Ticket cache: KEYRING:persistent:0:0
> Default principal: myusern...@myaddomain.fr
>
> Valid starting       Expires              Service principal
> 02/05/2015 04:51:25  02/05/2015 14:51:25  krbtgt/myaddomain...@myaddomain.fr
>         renew until 09/05/2015 04:51:07
>
> MYUSERNAME is the same account that I used to join the domain (net join)
> with winbind.
>
> After that, I ran:
>
> msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
>
> and I have an error:
>
> [root@gw etc]# msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
>  -- init_password: Wiping the computer password structure
>  -- generate_new_password: Generating a new, random password for the computer account
>  -- generate_new_password: Characters read from /dev/udandom = 84
>  -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jnxTuG
>  -- reload: Reloading Kerberos Context
>  -- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$
>  -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
>  -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>  -- try_machine_keytab_princ: Authentication with keytab failed
>  -- try_machine_keytab_princ: Trying to authenticate for host/gw.srv1-v4.tcy.myinternetdomain.org from local keytab...
>  -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>  -- try_machine_keytab_princ: Authentication with keytab failed
>  -- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password.
>  -- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k
>  -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>  -- try_machine_password: Authentication with password failed
>  -- try_user_creds: Checking if default ticket cache has tickets...
>  -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
>  -- try_user_creds: User ticket cache was not valid.
> Error: could not find any credentials to authenticate with. Neither keytab,
>      default machine password, nor calling user's tickets worked. Try
>      "kinit"ing yourself some tickets with permission to create computer
>      objects, or pre-creating the computer object in AD and selecting
>      'reset account'.
>  -- ~KRB5Context: Destroying Kerberos Context
>
> Same error if I change gw.srv1-v4.tcy.myinternetdomain.org to
> ophtcysrv1v4.myaddomain.fr
>
> Does anyone know the origin of this error?
>
> thanks
> Olivier
>
> ------------------------------
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
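A small diagnostic for the cache mismatch Markus suspects, added here as an example (it is not part of the thread and is not msktutil or Squid code): it reads the `klist` and `msktutil --verbose` output quoted above and reports, per failed credential source, whether `kinit` wrote to a non-FILE cache while msktutil found no cache at all. The function names are hypothetical and the sample strings are constructed from the quoted output with the mail line-wraps joined.

```python
import re

# Constructed sample input: lines copied from the output quoted in the thread,
# with mail line-wraps joined.
KLIST = "Ticket cache: KEYRING:persistent:0:0\n"
MSKTUTIL = """\
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
 -- try_user_creds: Checking if default ticket cache has tickets...
 -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
"""

# One msktutil --verbose error line: "-- <step>: Error: <krb5 call> failed (<reason>)"
ERROR_LINE = re.compile(r"--\s*(\w+): Error: (\w+) failed \(([^)]*)\)")


def ccache_type(klist_text):
    """Return the cache type (FILE, KEYRING, ...) from klist's 'Ticket cache:' line."""
    m = re.search(r"^Ticket cache:\s*(\S+)", klist_text, re.M)
    if m is None:
        return None
    name = m.group(1)
    head, sep, _ = name.partition(":")
    # A bare path with no "TYPE:" prefix is a FILE cache.
    return head if sep and not name.startswith("/") else "FILE"


def failed_steps(log_text):
    """Return (step, krb5_call, reason) for each step that logged an error."""
    return [m.groups() for m in ERROR_LINE.finditer(log_text)]


def diagnose(klist_text, log_text):
    """Explain each failed credential source in the order msktutil tried it."""
    ctype = ccache_type(klist_text)
    findings = []
    for step, _call, reason in failed_steps(log_text):
        if reason == "Client not found in Kerberos database":
            findings.append(f"{step}: principal unknown to the KDC")
        elif step == "try_user_creds" and reason == "No credentials cache found":
            if ctype not in (None, "FILE"):
                findings.append(f"{step}: kinit used a {ctype} cache that msktutil did not find")
            else:
                findings.append(f"{step}: no user tickets, run kinit first")
        else:
            findings.append(f"{step}: {reason}")
    return findings


if __name__ == "__main__":
    for line in diagnose(KLIST, MSKTUTIL):
        print(line)
```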