[squid-users] Is your kerberos ticket expired?

Dijxie dijxie at gmail.com
Sun Oct 8 12:18:44 UTC 2017 

W dniu 05.10.2017 o 16:16, erdosain9 pisze:
> Hi.
> All is working fine, but im having this error in the mail of root
>
> ------------------------------------------------------------------------------------------------------------------
>
>
>  From root at squid.domain.lan  Tue Oct  3 04:00:02 2017
> Return-Path: <root at squid.domain.lan>
> X-Original-To: root
> Delivered-To: root at squid.domain.lan
> Received: by squid.domain.lan (Postfix, from userid 0)
> 	id 2581F8066D7F; Tue,  3 Oct 2017 04:00:02 -0300 (ART)
> From: "(Cron Daemon)" <root at squid.domain.lan>
> To: root at squid.domain.lan
> Subject: Cron <root at squid>  msktutil --auto-update --verbose --computer-name
> squidproxy-k | logger -t msktutil > /dev/null
> Content-Type: text/plain; charset=UTF-8
> Auto-Submitted: auto-generated
> Precedence: bulk
> X-Cron-Env: <XDG_SESSION_ID=666>
> X-Cron-Env: <XDG_RUNTIME_DIR=/run/user/0>
> X-Cron-Env: <LANG=es_AR.UTF-8>
> X-Cron-Env: <SHELL=/bin/bash>
> X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
> X-Cron-Env: <MAILTO=root>
> X-Cron-Env: <HOME=/root>
> X-Cron-Env: <LOGNAME=root>
> X-Cron-Env: <USER=root>
> Message-Id: <20171003070002.2581F8066D7F at squid.domain.lan>
> Date: Tue,  3 Oct 2017 04:00:02 -0300 (ART)
>
> SASL/GSSAPI authentication started
> Error: ldap_sasl_interactive_bind_s failed (Local error)
> Error: ldap_connect failed
> --> Is your kerberos ticket expired? You might try re-"kinit"ing.
>
>  From root at squid.domain.lan  Wed Oct  4 04:00:02 2017
> Return-Path: <root at squid.domain.lan>
> X-Original-To: root
> Delivered-To: root at squid.domain.lan
> Received: by squid.domain.lan (Postfix, from userid 0)
> 	id 24EC282EEFD7; Wed,  4 Oct 2017 04:00:02 -0300 (ART)
> From: "(Cron Daemon)" <root at squid.domain.lan>
> To: root at squid.domain.lan
> Subject: Cron <root at squid>  msktutil --auto-update --verbose --computer-name
> squidproxy-k | logger -t msktutil > /dev/null
> Content-Type: text/plain; charset=UTF-8
> Auto-Submitted: auto-generated
> Precedence: bulk
> X-Cron-Env: <XDG_SESSION_ID=701>
> X-Cron-Env: <XDG_RUNTIME_DIR=/run/user/0>
> X-Cron-Env: <LANG=es_AR.UTF-8>
> X-Cron-Env: <SHELL=/bin/bash>
> X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
> X-Cron-Env: <MAILTO=root>
> X-Cron-Env: <HOME=/root>
> X-Cron-Env: <LOGNAME=root>
> X-Cron-Env: <USER=root>
> Message-Id: <20171004070002.24EC282EEFD7 at squid.domain.lan>
> Date: Wed,  4 Oct 2017 04:00:02 -0300 (ART)
>
> SASL/GSSAPI authentication started
> Error: ldap_sasl_interactive_bind_s failed (Local error)
> Error: ldap_connect failed
> --> Is your kerberos ticket expired? You might try re-"kinit"ing.
>
>  From root at squid.domain.lan  Thu Oct  5 04:00:02 2017
> Return-Path: <root at squid.domain.lan>
> X-Original-To: root
> Delivered-To: root at squid.domain.lan
> Received: by squid.domain.lan (Postfix, from userid 0)
> 	id 9B89F8057477; Thu,  5 Oct 2017 04:00:02 -0300 (ART)
> From: "(Cron Daemon)" <root at squid.domain.lan>
> To: root at squid.domain.lan
> Subject: Cron <root at squid>  msktutil --auto-update --verbose --computer-name
> squidproxy-k | logger -t msktutil > /dev/null
> Content-Type: text/plain; charset=UTF-8
> Auto-Submitted: auto-generated
> Precedence: bulk
> X-Cron-Env: <XDG_SESSION_ID=736>
> X-Cron-Env: <XDG_RUNTIME_DIR=/run/user/0>
> X-Cron-Env: <LANG=es_AR.UTF-8>
> X-Cron-Env: <SHELL=/bin/bash>
> X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
> X-Cron-Env: <MAILTO=root>
> X-Cron-Env: <HOME=/root>
> X-Cron-Env: <LOGNAME=root>
> X-Cron-Env: <USER=root>
> Message-Id: <20171005070002.9B89F8057477 at squid.domain.lan>
> Date: Thu,  5 Oct 2017 04:00:02 -0300 (ART)
>
> SASL/GSSAPI authentication started
> Error: ldap_sasl_interactive_bind_s failed (Local error)
> Error: ldap_connect failed
> --> Is your kerberos ticket expired? You might try re-"kinit"ing.
>
> ----------------------------------------------------------------------------------------------------------------------------
>
> [root at squid network-scripts]# systemctl status squid
> ● squid.service - Squid Web Proxy Server
>     Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor
> preset: disabled)
>     Active: active (running) since vie 2017-09-22 11:17:42 ART; 1 weeks 5
> days ago
>       Docs: man:squid(8)

<cut>

If you are using sssd (default in RHEL, CentOS)  you might be partially 
affected  by this bug:

https://bugs.freedesktop.org/show_bug.cgi?id=100118

be aware that sssd updates AD domain password (every 28 days AFAIR) ; 
you might want to disable it. If you have winbind istalled, check wbinfo -tP

-- 
Greets, Dijx

More information about the squid-users mailing list