<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#464646" bgcolor="#FFFFFF">
<font face="monospace">Hi<br>
<br>
perhaps this one <br>
<a class="moz-txt-link-freetext" href="https://wiki.articatech.com/en/proxy-service/troubleshooting/gss-cannot-decrypt-ticket">https://wiki.articatech.com/en/proxy-service/troubleshooting/gss-cannot-decrypt-ticket</a><br>
<br>
</font><br>
<div class="moz-cite-prefix">Le 16/11/2022 à 05:11, Михаил a écrit :<br>
</div>
<blockquote type="cite" cite="mid:1783041668571106@mail.yandex.ru">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div>Hi everybody,</div>
<div>
<div>
<div> </div>
<div>Could you help me to setup my new squid server? I have a
problem with keytab authorization.</div>
<div> </div>
<div>2022/11/16 11:35:39| ERROR: Negotiate Authentication
validating user. Result: {result=BH, notes={message:
gss_accept_sec_context() failed: Unspecified GSS failure.
Minor code may provide more information. Cannot decrypt
ticket for <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a> using
keytab key for <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.**.CORP">HTTP/uisproxy-rop.***.***.corp@***.**.CORP</a>;
}}</div>
<div>Got NTLMSSP neg_flags=0xe2088297</div>
<div>2022/11/16 11:35:40| ERROR: Negotiate Authentication
validating user. Result: {result=BH, notes={message:
gss_accept_sec_context() failed: Unspecified GSS failure.
Minor code may provide more information. Cannot decrypt
ticket for <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a> using
keytab key for <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a>;
}}</div>
<div> </div>
<div># kinit -V -k -t /etc/squid/keytab/uisproxy-rop-t.keytab
HTTP/uisproxy-rop.***.***.corp</div>
<div>Using default cache: /tmp/krb5cc_0</div>
<div>Using principal:
<a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a></div>
<div>Using keytab: /etc/squid/keytab/uisproxy-rop-t.keytab</div>
<div>Authenticated to Kerberos v5</div>
<div> </div>
<div># klist -ke /etc/squid/keytab/uisproxy-rop-t.keytab</div>
<div>Keytab name: <a class="moz-txt-link-freetext" href="FILE:/etc/squid/keytab/uisproxy-rop-t.keytab">FILE:/etc/squid/keytab/uisproxy-rop-t.keytab</a></div>
<div>KVNO Principal</div>
<div>----
--------------------------------------------------------------------------</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:uisproxy-rop-t$@***.***.CORP">uisproxy-rop-t$@***.***.CORP</a> (arcfour-hmac)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:uisproxy-rop-t$@***.***.CORP">uisproxy-rop-t$@***.***.CORP</a>
(aes128-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:uisproxy-rop-t$@***.***.CORP">uisproxy-rop-t$@***.***.CORP</a>
(aes256-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:UISPROXY-ROP-T$@***.***.CORP">UISPROXY-ROP-T$@***.***.CORP</a> (arcfour-hmac)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:UISPROXY-ROP-T$@***.***.CORP">UISPROXY-ROP-T$@***.***.CORP</a>
(aes128-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:UISPROXY-ROP-T$@***.***.CORP">UISPROXY-ROP-T$@***.***.CORP</a>
(aes256-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a>
(arcfour-hmac)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a>
(aes128-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a>
(aes256-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:host/uisproxy-rop@***.***.CORP">host/uisproxy-rop@***.***.CORP</a> (arcfour-hmac)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:host/uisproxy-rop@***.***.CORP">host/uisproxy-rop@***.***.CORP</a>
(aes128-cts-hmac-sha1-96)</div>
<div> 3 <a class="moz-txt-link-abbreviated" href="mailto:host/uisproxy-rop@***.***.CORP">host/uisproxy-rop@***.***.CORP</a>
(aes256-cts-hmac-sha1-96)</div>
<div> </div>
<div># klist -kt</div>
<div>Keytab name: <a class="moz-txt-link-freetext" href="FILE:/etc/squid/keytab/uisproxy-rop-t.keytab">FILE:/etc/squid/keytab/uisproxy-rop-t.keytab</a></div>
<div>KVNO Timestamp Principal</div>
<div>---- -------------------
------------------------------------------------------</div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:uisproxy-rop-t$@***.***.CORP">uisproxy-rop-t$@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:uisproxy-rop-t$@***.***.CORP">uisproxy-rop-t$@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:uisproxy-rop-t$@***.***.CORP">uisproxy-rop-t$@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:UISPROXY-ROP-T$@***.***.CORP">UISPROXY-ROP-T$@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:UISPROXY-ROP-T$@***.***.CORP">UISPROXY-ROP-T$@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:UISPROXY-ROP-T$@***.***.CORP">UISPROXY-ROP-T$@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50
<a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50
<a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50
<a class="moz-txt-link-abbreviated" href="mailto:HTTP/uisproxy-rop.***.***.corp@***.***.CORP">HTTP/uisproxy-rop.***.***.corp@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:host/uisproxy-rop@***.***.CORP">host/uisproxy-rop@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:host/uisproxy-rop@***.***.CORP">host/uisproxy-rop@***.***.CORP</a></div>
<div> 3 11/16/2022 11:30:50 <a class="moz-txt-link-abbreviated" href="mailto:host/uisproxy-rop@***.***.CORP">host/uisproxy-rop@***.***.CORP</a></div>
</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www: <a class="moz-txt-link-freetext" href="https://wiki.articatech.com">https://wiki.articatech.com</a>
www: <a class="moz-txt-link-freetext" href="http://articatech.net">http://articatech.net</a> </pre>
</body>
</html>