[squid-users] Problem with Kerberos ticket keytab
Flashdown
flashdown at data-core.org
Mon Feb 5 15:59:09 UTC 2018
You could also give this parameter of msktutil a try:

flush   Flushes all principals for the current host or service account from the keytab, and deletes servicePrincipalName from AD.

On 2018-02-05 16:55, Flashdown wrote:
> I am answering too fast, but I am writing in my little break, so sorry
> for that :D Forget my last mail regarding "to call it correctly", that
> was misleading and wrong. Sure, you are talking about the HTTP SPN
> which have the same KVNO. So if you want to get rid of it, delete the
> computer object, as you are updating all the SPNs that the Computer
> Object holds. If you use the Attribute Editor you may be able to modify
> the attribute servicePrincipalName and delete the wrong one and recreate
> the keytab afterwards, without deleting the Computer Object at all.
>
> On 2018-02-05 16:39, Flashdown wrote:
>> Just to call it correctly, what is wrong is the host principal. After
>> you have deleted the computer object and waited for the object to
>> disappear on other DCs as well (if you have replication between DCs)
>> and rejoined it, it should be as you want it to be. Hope this helps
>> with your setup.
>>
>> On 5 February 2018 16:12:29 CET, Flashdown
>> <flashdown at data-core.org> wrote:
>>
>>> Delete the Computer Object in Active Directory to clear these SPNs
>>> up.
>>>
>>> On 5 February 2018 15:54:26 CET, erdosain9
>>> <erdosain9 at gmail.com> wrote:
>>>
>>>> Hi to all.
>>>>
>>>> The squid was working fine, but I made a mistake and... deleted the
>>>> proxy.keytab. I tried to create it again, but made a mistake in the
>>>> syntax.
>>>>
>>>> Wrong syntax (the real name is not squidproxy.domain.lan, it is
>>>> squid.domain.lan):
>>>>
>>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
>>>> /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>>> HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose
>>>> --enctypes 28
>>>>
>>>> Now I got the syntax right, but the keytab is wrong... why??
>>>>
>>>> Correct syntax:
>>>>
>>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h
>>>> squid.domain.lan -k /etc/squid/PROXY.keytab --computer-name
>>>> SQUIDPROXY-K --upn HTTP/squid.domain.lan --server adw-1.domain.lan
>>>> --verbose --enctypes 28
>>>>
>>>> [root@squid squid]# ktutil
>>>> ktutil: read_kt PROXY.keytab
>>>> ktutil: l
>>>> slot KVNO Principal
>>>> ---- ---- -------------------------
>>>>    1   18 squidproxy-k$@DOMAIN.LAN
>>>>    2   18 squidproxy-k$@DOMAIN.LAN
>>>>    3   18 squidproxy-k$@DOMAIN.LAN
>>>>    4   18 HTTP/squidproxy.DOMAIN.lan@DOMAIN.LAN
>>>>    5   18 HTTP/squidproxy.DOMAIN.lan@DOMAIN.LAN
>>>>    6   18 HTTP/squidproxy.DOMAIN.lan@DOMAIN.LAN
>>>>    7   18 host/squid.DOMAIN.lan@DOMAIN.LAN
>>>>    8   18 host/squid.DOMAIN.lan@DOMAIN.LAN
>>>>    9   18 host/squid.DOMAIN.lan@DOMAIN.LAN
>>>>   10   18 HTTP/squid.DOMAIN.lan@DOMAIN.LAN
>>>>   11   18 HTTP/squid.DOMAIN.lan@DOMAIN.LAN
>>>>   12   18 HTTP/squid.DOMAIN.lan@DOMAIN.LAN
>>>>
>>>> Why squidproxy.DOMAIN.LAN????????? What can I do to solve this???
>>>>
>>>> Thanks to all!!
>>>>
>>>> --
>>>> Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
>>>>
>>>> -------------------------
>>>>
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> http://lists.squid-cache.org/listinfo/squid-users
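
An added example, not part of the original thread: a Python check that parses a `ktutil` listing like the one erdosain9 posted and reports service principals whose host part differs from the name the proxy is supposed to use. The function names and the `expected_fqdn` parameter are hypothetical, and the sample listing is constructed from the output quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the ktutil listing quoted in the thread.
SAMPLE = """\
slot KVNO Principal
---- ---- -------------------------
   1   18 squidproxy-k$@DOMAIN.LAN
   2   18 squidproxy-k$@DOMAIN.LAN
   3   18 squidproxy-k$@DOMAIN.LAN
   4   18 HTTP/squidproxy.DOMAIN.lan@DOMAIN.LAN
   5   18 HTTP/squidproxy.DOMAIN.lan@DOMAIN.LAN
   6   18 HTTP/squidproxy.DOMAIN.lan@DOMAIN.LAN
   7   18 host/squid.DOMAIN.lan@DOMAIN.LAN
   8   18 host/squid.DOMAIN.lan@DOMAIN.LAN
   9   18 host/squid.DOMAIN.lan@DOMAIN.LAN
  10   18 HTTP/squid.DOMAIN.lan@DOMAIN.LAN
  11   18 HTTP/squid.DOMAIN.lan@DOMAIN.LAN
  12   18 HTTP/squid.DOMAIN.lan@DOMAIN.LAN
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*$")  # slot, KVNO, principal

def parse_listing(text):
    """Return {principal: [(slot, kvno), ...]} from ktutil 'l' output."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)  # header and separator lines do not match
        if m:
            slot, kvno, principal = m.groups()
            entries[principal].append((int(slot), int(kvno)))
    return dict(entries)

def stale_principals(text, expected_fqdn):
    """Service principals (service/host@REALM) whose host is not expected_fqdn."""
    stale = []
    for principal in parse_listing(text):
        name = principal.rsplit("@", 1)[0]      # drop the realm
        _service, sep, host = name.partition("/")
        if not sep:
            continue  # machine account such as squidproxy-k$, no host part
        if host.lower() != expected_fqdn.lower():
            stale.append(principal)
    return sorted(stale)

if __name__ == "__main__":
    print(stale_principals(SAMPLE, "squid.domain.lan"))
```

Any principal it reports is a candidate for the cleanup the replies describe before the keytab is recreated.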