[squid-users] GSSAPI problem when try create keytab using msktutil

kukuh amukti kukuh.amukti at gmail.com
Thu Apr 23 09:40:44 UTC 2015 

Dear All,
i've building squid in W2K12 and there is no problem but when i try running
in W2K3,
i get problem when try create keytab with msktutil command to win server
2003.
and when i run msktutil :

msktutil -c -b "OU=WSUS - Server,OU=Astragraphia-ITS" -s
HTTP/proxyagit01.ag-it.com -k /etc/squid3/PROXY.keytab --computer-name
PROXYAGIT-01 --upn HTTP/proxyagit01.ag-it.com --server
svr-resdmn22.ag-it.com --verbose

and get some error

 -- init_password: Wiping the computer password structure
 -- generate_new_password: Generating a new, random password for the
computer account
 -- generate_new_password:  Characters read from /dev/udandom = 90
 -- create_fake_krb5_conf: Created a fake krb5.conf file:
/tmp/.msktkrb5.conf-F6iL9e
 -- reload: Reloading Kerberos Context
 -- finalize_exec: SAM Account Name is: PROXYAGIT01-K$
 -- try_machine_keytab_princ: Trying to authenticate for PROXYAGIT01-K$
from local keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed
(Client not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for host/
proxyagit01.ag-it.com from local keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed
(Client not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_password: Trying to authenticate for PROXYAGIT01-K$ with
password.
 -- create_default_machine_password: Default machine password for
PROXYAGIT01-K$ is proxyagit01-k
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client
not found in Kerberos database)
 -- try_machine_password: Authentication with password failed
 -- try_user_creds: Checking if default ticket cache has tickets...
 -- finalize_exec: Authenticated using method 4

 -- ldap_connect: Connecting to LDAP server: svr-resdmn22.ag-it.com
try_tls=YES
 -- ldap_connect: Connecting to LDAP server: svr-resdmn22.ag-it.com
try_tls=NO
SASL/GSSAPI authentication started
Error: ldap_sasl_interactive_bind_s failed (Local error)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.
 -- ~KRB5Context: Destroying Kerberos Context


in auth.log  say " msktutil: GSSAPI Error: Unspecified GSS failure.  Minor
code may provide more information (Server not found in Kerberos database)"

what should i do?

thanks,
kukuhga
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150423/95123d16/attachment.html>

More information about the squid-users mailing list