Hi Olivier,

You may need to check with the msktutil authors as this is not directly related to squid.

Regards
Markus

"Olivier CALVANO" <o.calv...@gmail.com> wrote in message news:CAJajPecBcrbW+jtiwF2J=ujz4kwdtwf6opzjf56pvz+-gfn...@mail.gmail.com...

Hi,

I have compiled the 1.0rc version:

[root@gw msktutil-1.0rc1]# ./msktutil -c -b "CN=COMPUTERS" -s HTTP/ophtcysrv1v4.myaddomain.fr -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/ophtcysrv1v4.myasdomain.fr --server myad.myaddomain.fr --verbose --enctypes 28
-- init_password: Wiping the computer password structure
-- generate_new_password: Generating a new, random password for the computer account
-- generate_new_password: Characters read from /dev/urandom = 93
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jPXQHu
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$
-- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/gw.srv1-v4.tcy.sodiaal.ophelys.org from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password.
-- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 5
-- LDAPConnection: Connecting to LDAP server: myad.myaddomain.fr
SASL/GSSAPI authentication started
SASL username: myusern...@myaddomain.fr
SASL SSF: 56
SASL data security layer installed.
-- ldap_get_base_dn: Determining default LDAP base: dc=MYDOMAIN,dc=FR
-- ldap_check_account: Checking that a computer account for OPHTCYSRV1V4-K$ exists
-- ldap_check_account: Computer account not found, create the account
No computer account for OPHTCYSRV1V4-K found, creating a new one.
-- ldap_check_account_strings: Inspecting (and updating) computer account attributes
-- ldap_check_account_strings: Found userPrincipalName =
-- ldap_check_account_strings: userPrincipalName should be HTTP/ophtcysrv1v4.myaddomain...@myaddomain.fr
-- ldap_set_userAccountControl_flag: Setting userAccountControl bit at 0x200000 to 0x0
-- ldap_set_userAccountControl_flag: userAccountControl not changed 0x1000
-- ldap_get_kvno: KVNO is 1
-- set_password: Attempting to reset computer's password
-- set_password: Try change password using user's ticket cache
-- ldap_get_pwdLastSet: pwdLastSet is 130751472429170776
Error: Unable to set machine password for OPHTCYSRV1V4-K$: (3) Authentication error
Error: set_password failed
-- ~KRB5Context: Destroying Kerberos Context

2015-05-03 13:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>:

Did you compile msktutil or is it a package in CentOS?

Markus

"Olivier CALVANO" <o.calv...@gmail.com> wrote in message news:cajajpecqd+_1krufwa9eac4iyakapzblyg-9vuueklgwuec...@mail.gmail.com...
Hi,

Thanks for your answer.

CentOS Linux release 7.1.1503 (Core)
krb5-workstation-1.12.2-14.el7.x86_64
krb5-libs-1.12.2-14.el7.x86_64

regards
olivier

2015-05-03 0:25 GMT+02:00 Markus Moeller <hua...@moeller.plus.com>:

Which OS and Kerberos version do you have? There might be some issue with the cache used KEYRING:persistent:0:0

Markus

"Olivier CALVANO" <o.calv...@gmail.com> wrote in message news:CAJajPefo3t8b1=_v5pfj3h0gq4jk3oosutw8gnhy7z-gs21...@mail.gmail.com...

Hi,

I request your help because I want to use NTLM/Kerberos to authenticate my user.

For NTLM, I use Winbind, no problems:

[root@gw]# wbinfo -t
checking the trust secret for domain MYADDOMAIN via RPC calls succeeded

but for Kerberos, I can't create the .keytab

[root@gw]# kinit MYUSERNAME
Password for myusern...@myaddomain.fr:
[root@gw]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: myusern...@myaddomain.fr

Valid starting       Expires              Service principal
02/05/2015 04:51:25  02/05/2015 14:51:25  krbtgt/myaddomain...@myaddomain.fr
        renew until 09/05/2015 04:51:07

MYUSERNAME is the same account with which I joined the domain (net join) with winbind.

After that, I put:

msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose

and I have an error:

[root@gw etc]# msktutil -c -b "CN=COMPUTERS" -s HTTP/gw.srv1-v4.tcy.myinternetdomain.org -k /etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/gw.srv1-v4.tcy.myinternetdomain.org --server adserver1 --verbose
-- init_password: Wiping the computer password structure
-- generate_new_password: Generating a new, random password for the computer account
-- generate_new_password: Characters read from /dev/udandom = 84
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-jnxTuG
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$
-- try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/gw.srv1-v4.tcy.myinternetdomain.org from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for OPHTCYSRV1V4-K$ with password.
-- create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$ is ophtcysrv1v4-k
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
-- try_user_creds: User ticket cache was not valid.
Error: could not find any credentials to authenticate with. Neither keytab, default machine password, nor calling user's tickets worked. Try "kinit"ing yourself some tickets with permission to create computer objects, or pre-creating the computer object in AD and selecting 'reset account'.
-- ~KRB5Context: Destroying Kerberos Context

Same error if I change gw.srv1-v4.tcy.myinternetdomain.org to ophtcysrv1v4.myaddomain.fr

Does anyone know the origin of this error?

thanks
Olivier

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
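An added example, not part of the original thread and not msktutil code: a small Python triage of `--verbose` output, run over constructed excerpts abridged from the two runs quoted above. It separates a run that never found usable credentials (the first run, where the KEYRING ticket cache was not read) from one that authenticated and failed later (the 1.0rc1 run, which stopped in set_password). The names `triage` and `stage` are hypothetical.

```python
import re

# Constructed excerpts, abridged from the two verbose runs quoted in the thread.
RUN_FIRST = """\
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_user_creds: Checking if default ticket cache has tickets...
-- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
Error: could not find any credentials to authenticate with.
"""
RUN_RC1 = """\
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 5
-- ldap_check_account: Computer account not found, create the account
-- set_password: Try change password using user's ticket cache
Error: Unable to set machine password for OPHTCYSRV1V4-K$: (3) Authentication error
Error: set_password failed
"""

STEP = re.compile(r"^-- (~?\w+): (.*)$")               # "-- function: message"
KRB_ERR = re.compile(r"Error: (\w+) failed \((.+)\)$")  # library call and reason
AUTH_OK = re.compile(r"Authenticated using method (\d+)")

def triage(log):
    """Summarise one run: failed auth attempts, method used, fatal errors."""
    out = {"failed": [], "method": None, "last_step": None, "fatal": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = STEP.match(line)
        if m:
            func, msg = m.groups()
            out["last_step"] = func
            err = KRB_ERR.search(msg)
            if err:
                out["failed"].append((func, err.group(2)))
            ok = AUTH_OK.search(msg)
            if ok:
                out["method"] = int(ok.group(1))
        elif line.startswith("Error:"):
            # Unprefixed "Error:" lines are the tool's fatal messages.
            out["fatal"].append(line[len("Error:"):].strip())
    return out

def stage(summary):
    """Where the run stopped: before or after credentials were obtained."""
    if summary["method"] is None:
        return "no-credentials"
    return "after-auth:" + (summary["last_step"] or "unknown")
```
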