[squid-users] Kerberos (Negotiate) problem with win2008 AD users
Victor Sudakov
sudakov at sibptus.tomsk.ru
Fri Mar 4 16:29:23 UTC 2016
L.P.H. van Belle wrote:
>
> What is the output of
>
> ktutil list
>
> (of the squid keytab. )
I have already quoted it in the previous message, but I am happy to repeat:
/usr/local/etc/squid/squid.keytab:
Vno Type Principal
1 arcfour-hmac-md5 HTTP/proxy.sibptus.transneft.ru at SIBPTUS.TRANSNEFT.RU
1 arcfour-hmac-md5 squiduser at SIBPTUS.TRANSNEFT.RU
1 arcfour-hmac-md5 HTTP/proxy2.sibptus.ru at SIBPTUS.TRANSNEFT.RU
1 arcfour-hmac-md5 HTTP/proxy2.SIBPTUS.ru at SIBPTUS.TRANSNEFT.RU
1 arcfour-hmac-md5 HTTP/proxy2.sibptus.ru at STN.TN.CORP
[root at proxy2 local/etc/squid]
>
> And you can try adding To krb5.conf
>
> ; for Windows 2008 with AES
As you can see, there is only one key with only one enctype for the
2008 realm. It is the very type that the ticket on Windows has. I can
consider adding some more keys to the squid keytab, but I'm afraid the
problem is eisewhere.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the squid-users
mailing list