[squid-users] Problem with Kerberos ticket keytab

Flashdown flashdown at data-core.org
Mon Feb 5 15:55:17 UTC 2018 

I am answering to fast, but I am writing in my little break, so sorry 
for that :D forget my last mail regarding "to call it correctly" that 
was misleading and wrong. sure you are talking about the HTTP SPN which 
have the same KVNO. So if you want to get rid of it delete the computer 
object, as your are updating all the SPN's that the Computer Object 
holds. If you use the Attribut-Editor you may can modify the Attribut 
servicePrincipalName and delete the wrong one and recreate the keytab 
afterwards, without deleting the Computer Object at all.



Am 2018-02-05 16:39, schrieb Flashdown:
> Just to call it correctly, what is wrong is the host principle after
> you have deleted the computer object and waited for the object to
> disappear on other DC's as well (if you have replication between dc's)
> and rejoined it, it should be as you want it to be. Hope this helps
> with your setup.
> 
> Am 5. Februar 2018 16:12:29 MEZ schrieb Flashdown
> <flashdown at data-core.org>:
> 
>> Delete the Computer Object in Active Directory to clear these spn's
>> up.
>> 
>> Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9
>> <erdosain9 at gmail.com>:
>> 
>>> Hi to all.
>>> 
>>> The squid was working fine, but i made a mistake and... delete the
>>> proxy.keytab. I try to do it again, but make a mistake in the
>>> syntax
>>> 
>>> wrong syntax (the real name is not squidproxy.domain.lan is
>>> squid.domain.lan):
>>> 
>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
>>> /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>> HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose
>>> --enctypes 28
>>> 
>>> now i put well the syntax, but the keytab is wrong... why??
>>> 
>>> well syntax:
>>> 
>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h
>>> squid.domain.lan
>>> -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>> HTTP/squid.domain.lan --server adw-1.domain.lan --verbose
>>> --enctypes 28
>>> 
>>> [root at squid squid]# ktutil
>>> ktutil:  read_kt PROXY.keytab
>>> ktutil:  l
>>> slot KVNO Principal
>>> ---- ----
>>> 
>>> -------------------------
>>> 
>>> 1   18                 squidproxy-k$@DOMAIN.LAN
>>> 2   18                 squidproxy-k$@DOMAIN.LAN
>>> 3   18                 squidproxy-k$@DOMAIN.LAN
>>> 4   18    HTTP/squidproxy.DOMAIN.lan at DOMAIN.LAN
>>> 5   18    HTTP/squidproxy.DOMAIN.lan at DOMAIN.LAN
>>> 6   18    HTTP/squidproxy.DOMAIN.lan at DOMAIN.LAN
>>> 7   18         host/squid.DOMAIN.lan at DOMAIN.LAN
>>> 8   18         host/squid.DOMAIN.lan at DOMAIN.LAN
>>> 9   18         host/squid.DOMAIN.lan at DOMAIN.LAN
>>> 10   18         HTTP/squid.DOMAIN.lan at DOMAIN.LAN
>>> 11   18         HTTP/squid.DOMAIN.lan at DOMAIN.LAN
>>> 12   18         HTTP/squid.DOMAIN.lan at DOMAIN.LAN
>>> 
>>> Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???
>>> 
>>> Thanks to all!!
>>> 
>>> --
>>> Sent from:
>>> 
>> 
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
>>> 
>>> -------------------------
>>> 
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list