<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>Did you compile msktutil, or is it a package in CentOS?</DIV>
<DIV> </DIV>
<DIV>Markus</DIV>
<DIV> </DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV>"Olivier CALVANO" &lt;o.calvano@gmail.com&gt; wrote in message
news:CAJajPecQD+_1KRUfwa9eAC4iYAKapZBLyg-9vuueKLGWUecopQ@mail.gmail.com...</DIV></DIV></DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV dir=ltr>
<DIV>
<DIV>
<DIV>Hi<BR><BR><BR></DIV>Thanks for your answer<BR><BR>CentOS Linux release
7.1.1503
(Core)<BR><BR>krb5-workstation-1.12.2-14.el7.x86_64<BR>krb5-libs-1.12.2-14.el7.x86_64<BR><BR></DIV>regards<BR></DIV>olivier<BR><BR></DIV>
<DIV class=gmail_extra>
<DIV> </DIV>
<DIV class=gmail_quote>2015-05-03 0:25 GMT+02:00 Markus Moeller <SPAN
dir=ltr>&lt;<A href="mailto:huaraz@moeller.plus.com"
target=_blank>huaraz@moeller.plus.com</A>&gt;</SPAN>:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<DIV dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>Which OS and Kerberos version do you have? There might be some
issue with the cache used, KEYRING:persistent:0:0<BR></DIV>
<DIV>Markus</DIV>
<DIV> </DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV>"Olivier CALVANO" &lt;<A href="mailto:o.calvano@gmail.com"
target=_blank>o.calvano@gmail.com</A>&gt; wrote in message
news:CAJajPefo3t8b1=_v5PFj3H0gq4Jk3OosuTW8gNHY7Z-Gs21qLg@mail.gmail.com...</DIV></DIV></DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV>
<DIV class=h5>
<DIV dir=ltr>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>Hi<BR><BR></DIV>I request your help because I want to use NTLM/Kerberos to
authenticate my user.<BR><BR></DIV>For NTLM, I use Winbind, no problems,
<BR><BR>[root@gw]# wbinfo -t<BR>checking the trust secret for domain
MYADDOMAIN via RPC calls succeeded<BR><BR></DIV>but for Kerberos, I can't
create the .keytab<BR><BR><BR>[root@gw]# kinit MYUSERNAME<BR>Password for <A
href="mailto:MYUSERNAME@MYADDOMAIN.FR"
target=_blank>MYUSERNAME@MYADDOMAIN.FR</A>:<BR><BR>[root@gw]# klist<BR>Ticket
cache: KEYRING:persistent:0:0<BR>Default principal: <A
href="mailto:MYUSERNAME@MYADDOMAIN.FR"
target=_blank>MYUSERNAME@MYADDOMAIN.FR</A><BR><BR>Valid
starting
Expires
Service principal<BR>02/05/2015 04:51:25 02/05/2015 14:51:25
krbtgt/<A href="mailto:MYADDOMAIN.FR@MYADDOMAIN.FR"
target=_blank>MYADDOMAIN.FR@MYADDOMAIN.FR</A><BR>
renew until 09/05/2015 04:51:07<BR><BR></DIV>MYUSERNAME is the same account
that I used to join the domain (net join) with winbind<BR><BR><BR></DIV>After that, I
put:<BR><BR>msktutil -c -b "CN=COMPUTERS" -s HTTP/<A
href="http://gw.srv1-v4.tcy.myinternetdomain.org"
target=_blank>gw.srv1-v4.tcy.myinternetdomain.org</A> -k
/etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/<A
href="http://gw.srv1-v4.tcy.myinternetdomain.org"
target=_blank>gw.srv1-v4.tcy.myinternetdomain.org</A> --server adserver1
--verbose<BR>
<DIV> </DIV>
<DIV>and I have an error:<BR><BR>[root@gw etc]# msktutil -c -b "CN=COMPUTERS"
-s HTTP/<A href="http://gw.srv1-v4.tcy.myinternetdomain.org"
target=_blank>gw.srv1-v4.tcy.myinternetdomain.org</A> -k
/etc/squid/PROXY.keytab --computer-name OPHTCYSRV1V4-K --upn HTTP/<A
href="http://gw.srv1-v4.tcy.myinternetdomain.org"
target=_blank>gw.srv1-v4.tcy.myinternetdomain.org</A> --server adserver1
--verbose<BR>-- init_password: Wiping the computer password structure<BR>--
generate_new_password: Generating a new, random password for the computer
account<BR>-- generate_new_password: Characters read from /dev/udandom =
84<BR>-- create_fake_krb5_conf: Created a fake krb5.conf file:
/tmp/.msktkrb5.conf-jnxTuG<BR>-- reload: Reloading Kerberos Context<BR>--
finalize_exec: SAM Account Name is: OPHTCYSRV1V4-K$<BR>--
try_machine_keytab_princ: Trying to authenticate for OPHTCYSRV1V4-K$ from
local keytab...<BR>-- try_machine_keytab_princ: Error:
krb5_get_init_creds_keytab failed (Client not found in Kerberos
database)<BR>-- try_machine_keytab_princ: Authentication with keytab
failed<BR>-- try_machine_keytab_princ: Trying to authenticate for host/<A
href="http://gw.srv1-v4.tcy.myinternetdomain.org"
target=_blank>gw.srv1-v4.tcy.myinternetdomain.org</A> from local
keytab...<BR>-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab
failed (Client not found in Kerberos database)<BR>-- try_machine_keytab_princ:
Authentication with keytab failed<BR>-- try_machine_password: Trying to
authenticate for OPHTCYSRV1V4-K$ with password.<BR>--
create_default_machine_password: Default machine password for OPHTCYSRV1V4-K$
is ophtcysrv1v4-k<BR>-- try_machine_password: Error:
krb5_get_init_creds_keytab failed (Client not found in Kerberos
database)<BR>-- try_machine_password: Authentication with password
failed<BR>-- try_user_creds: Checking if default ticket cache has
tickets...<BR>-- try_user_creds: Error: krb5_cc_get_principal failed (No
credentials cache found)<BR>-- try_user_creds: User ticket cache was not
valid.<BR>Error: could not find any credentials to authenticate with. Neither
keytab,<BR> default machine password, nor calling
user's tickets worked. Try<BR> "kinit"ing yourself
some tickets with permission to create computer<BR>
objects, or pre-creating the computer object in AD and
selecting<BR> 'reset account'.<BR>-- ~KRB5Context:
Destroying Kerberos Context<BR><BR><BR><BR></DIV>
<DIV>Same error if I change <A
href="http://gw.srv1-v4.tcy.myinternetdomain.org"
target=_blank>gw.srv1-v4.tcy.myinternetdomain.org</A> to <A
href="http://ophtcysrv1v4.myaddomain.fr"
target=_blank>ophtcysrv1v4.myaddomain.fr</A><BR></DIV>
<DIV>
<DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Does anyone know the origin of this error?<BR><BR></DIV>
<DIV>thanks<BR></DIV>
<DIV>Olivier<BR><BR></DIV>
<DIV> </DIV></DIV></DIV></DIV></DIV></DIV>
<HR>
_______________________________________________<BR>squid-users mailing
list<BR><A href="mailto:squid-users@lists.squid-cache.org"
target=_blank>squid-users@lists.squid-cache.org</A><BR><A
href="http://lists.squid-cache.org/listinfo/squid-users"
target=_blank>http://lists.squid-cache.org/listinfo/squid-users</A><BR></DIV></DIV></DIV></DIV></DIV><BR></BLOCKQUOTE></DIV>
<DIV> </DIV></DIV>
</DIV></DIV></DIV></DIV></BODY></HTML>