[squid-users] Problem with Kerberos ticket keytab

Flashdown flashdown at data-core.org
Mon Feb 5 15:39:10 UTC 2018 

Just to call it correctly, what is wrong is the host principle after you have deleted the computer object and waited for the object to disappear on other DC's as well (if you have replication between dc's) and rejoined it, it should be as you want it to be. Hope this helps with your setup.

Am 5. Februar 2018 16:12:29 MEZ schrieb Flashdown <flashdown at data-core.org>:
>Delete the Computer Object in Active Directory to clear these spn's up.
>
>Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9
><erdosain9 at gmail.com>:
>>Hi to all.
>>
>>The squid was working fine, but i made a mistake and... delete the
>>proxy.keytab. I try to do it again, but make a mistake in the syntax
>>
>>wrong syntax (the real name is not squidproxy.domain.lan is
>>squid.domain.lan):
>>
>>msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
>>/etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose
>>--enctypes 28
>>
>>now i put well the syntax, but the keytab is wrong... why??
>>
>>well syntax:
>>
>>msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h
>>squid.domain.lan
>>-k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>HTTP/squid.domain.lan --server adw-1.domain.lan --verbose --enctypes
>28
>>
>>
>>[root at squid squid]# ktutil 
>>ktutil:  read_kt PROXY.keytab 
>>ktutil:  l
>>slot KVNO Principal
>>---- ----
>>---------------------------------------------------------------------
>>   1   18                 squidproxy-k$@DOMAIN.LAN
>>   2   18                 squidproxy-k$@DOMAIN.LAN
>>   3   18                 squidproxy-k$@DOMAIN.LAN
>>   4   18    HTTP/squidproxy.DOMAIN.lan at DOMAIN.LAN
>>   5   18    HTTP/squidproxy.DOMAIN.lan at DOMAIN.LAN
>>   6   18    HTTP/squidproxy.DOMAIN.lan at DOMAIN.LAN
>>   7   18         host/squid.DOMAIN.lan at DOMAIN.LAN
>>   8   18         host/squid.DOMAIN.lan at DOMAIN.LAN
>>   9   18         host/squid.DOMAIN.lan at DOMAIN.LAN
>>  10   18         HTTP/squid.DOMAIN.lan at DOMAIN.LAN
>>  11   18         HTTP/squid.DOMAIN.lan at DOMAIN.LAN
>>  12   18         HTTP/squid.DOMAIN.lan at DOMAIN.LAN
>>
>>
>>Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???
>>
>>Thanks to all!!
>>
>>
>>
>>--
>>Sent from:
>>http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
>>_______________________________________________
>>squid-users mailing list
>>squid-users at lists.squid-cache.org
>>http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180205/42fbb131/attachment.html>

More information about the squid-users mailing list