Hi, I have compiled the 1.0rc version:

[root@gw msktutil-1.0rc1]# ./msktutil -c -b "CN=COMPUTERS" -s HTTP/ ophtcysrv1v4.myaddomain.fr -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/ophtcysrv1v4.myasdomain.fr --server myad.myaddomain.fr --verbose --enctypes 28
-- init_password: Wiping the computer password structure
-- generate_new_password: Generating a new, random password for the computer account
-- generate_new_password: Characters read from /dev/urandom = 93
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jPXQHu
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$
-- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/ gw.srv1-v4.tcy.sodiaal.ophelys.org from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password.
-- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 5
-- LDAPConnection: Connecting to LDAP server: myad.myaddomain.fr
SASL/GSSAPI authentication started
SASL username: myusern...@myaddomain.fr
SASL SSF: 56
SASL data security layer installed.
-- ldap_get_base_dn: Determining default LDAP base: dc=MYDOMAIN,dc=FR
-- ldap_check_account: Checking that a computer account for OPHTCYSRV1V4-K$ exists
-- ldap_check_account: Computer account not found, create the account
No computer account for OPHTCYSRV1V4-K found, creating a new one.
-- ldap_check_account_strings: Inspecting (and updating) computer account attributes
-- ldap_check_account_strings: Found userPrincipalName =
-- ldap_check_account_strings: userPrincipalName should be HTTP/ ophtcysrv1v4.myaddomain...@myaddomain.fr
-- ldap_set_userAccountControl_flag: Setting userAccountControl bit at 0x200000 to 0x0
-- ldap_set_userAccountControl_flag: userAccountControl not changed 0x1000
-- ldap_get_kvno: KVNO is 1
-- set_password: Attempting to reset computer's password
-- set_password: Try change password using user's ticket cache
-- ldap_get_pwdLastSet: pwdLastSet is 130751472429170776
Error: Unable to set machine password for OPHTCYSRV1V4-K$: (3) Authentication error
Error: set_password failed
-- ~KRB5Context: Destroying Kerberos Context

2015-05-03 13:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>:

> Did you compile msktutil or is it a package in centos ?
>
> Markus
>
> "Olivier CALVANO" <o.calv...@gmail.com> wrote in message
> news:cajajpecqd+_1krufwa9eac4iyakapzblyg-9vuueklgwuec...@mail.gmail.com...
> Hi
>
> Thanks for your answer
>
> CentOS Linux release 7.1.1503 (Core)
>
> krb5-workstation-1.12.2-14.el7.x86_64
> krb5-libs-1.12.2-14.el7.x86_64
>
> regards
> olivier
>
> 2015-05-03 0:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>:
>
>> Which OS and Kerberos version do you have ?
>> There might be some issue with the cache used KEYRING:persistent:0:0
>> Markus
>>
>> "Olivier CALVANO" <o.calv...@gmail.com> wrote in message
>> news:CAJajPefo3t8b1=_v5pfj3h0gq4jk3oosutw8gnhy7z-gs21...@mail.gmail.com...
>> Hi
>>
>> I request your help because I want to use NTLM/Kerberos to authenticate my user.
>>
>> For NTLM, I use Winbind, no problems,
>>
>> [root@gw]# wbinfo -t
>> checking the trust secret for domain MYADDOMAIN via RPC calls succeeded
>>
>> but for Kerberos, I can't create the .keytab
>>
>> [root@gw]# kinit MYUSERNAME
>> Password for myusern...@myaddomain.fr:
>>
>> [root@gw]# klist
>> Ticket cache: KEYRING:persistent:0:0
>> Default principal: myusern...@myaddomain.fr
>>
>> Valid starting       Expires              Service principal
>> 02/05/2015 04:51:25  02/05/2015 14:51:25  krbtgt/ myaddomain...@myaddomain.fr
>>         renew until 09/05/2015 04:51:07
>>
>> MYUSERNAME is the same account that I used to join the domain (net join) with winbind
>>
>> after, I put:
>>
>> msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/ gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
>>
>> and I have an error:
>>
>> [root@gw etc]# msktutil -c -b "CN=COMPUTERS" -s HTTP/ gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/ gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
>> -- init_password: Wiping the computer password structure
>> -- generate_new_password: Generating a new, random password for the computer account
>> -- generate_new_password: Characters read from /dev/udandom = 84
>> -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jnxTuG
>> -- reload: Reloading Kerberos Context
>> -- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$
>> -- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
>> -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>> -- try_machine_keytab_princ: Authentication with keytab failed
>> -- try_machine_keytab_princ: Trying to authenticate for host/ gw.srv1-v4.tcy.myinternetdomain.org from local keytab...
>> -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>> -- try_machine_keytab_princ: Authentication with keytab failed
>> -- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password.
>> -- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k
>> -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
>> -- try_machine_password: Authentication with password failed
>> -- try_user_creds: Checking if default ticket cache has tickets...
>> -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
>> -- try_user_creds: User ticket cache was not valid.
>> Error: could not find any credentials to authenticate with. Neither keytab,
>> default machine password, nor calling user's tickets worked. Try
>> "kinit"ing yourself some tickets with permission to create computer
>> objects, or pre-creating the computer object in AD and selecting
>> 'reset account'.
>> -- ~KRB5Context: Destroying Kerberos Context
>>
>> Same error if I change gw.srv1-v4.tcy.myinternetdomain.org to ophtcysrv1v4.myaddomain.fr
>>
>> Does anyone know the origin of this error?
>>
>> thanks
>> Olivier
>>
>> ------------------------------
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users