[squid-users] Problem with Kerberos ticket keytab

Flashdown flashdown at data-core.org
Mon Feb 5 16:52:39 UTC 2018


Also on a specific interval windows will automatically refresh kerberos tickets in the background but when depends on your domain settings and I am unsure about the default interval.

Am 5. Februar 2018 17:46:29 MEZ schrieb Enrico Heine <flashdown at data-core.org>:
>Only users that can't use the proxy need to do it.
>
>Am 5. Februar 2018 17:43:58 MEZ schrieb Enrico Heine
><flashdown at data-core.org>:
>>This is maybe because the users have a old kerberos ticket and need to
>>renew it. So simple solution for them is to log off and logon again to
>>their windows PC or they can close the browsers and tools that need to
>>authenticate against the proxy afterwards they should lock and
>directly
>>unlock their station --> this will force windows to refresh their
>>kerberos ticket. After all did it these messages will disappear,
>>sometimes it's easier to tell the users to just restart their PC. 
>>
>>Am 5. Februar 2018 17:09:04 MEZ schrieb erdosain9
>><erdosain9 at gmail.com>:
>>>Ok. 
>>>Thanks
>>>
>>>Know the ticket is fine, and is working (people are going throug
>>>internet
>>>and i see in access.log there user names).... but... im having this
>>>error in
>>>the log.
>>>
>>>2018/02/05 12:56:46 kid1| ERROR: Negotiate Authentication validating
>>>user.
>>>Result: {result=BH, notes={message: gss_accept_sec_context() failed:
>>>Unspecified GSS failure.  Minor code may provide more information.
>>>Cannot
>>>decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key
>>>for
>>>HTTP/squid.domain.lan-DOMAIN.LAN; }}
>>>2018/02/05 12:57:55 kid1| ERROR: Negotiate Authentication validating
>>>user.
>>>Result: {result=BH, notes={message: gss_accept_sec_context() failed:
>>>Unspecified GSS failure.  Minor code may provide more information.
>>>Cannot
>>>decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key
>>>for
>>>HTTP/squid.domain.lan-DOMAIN.LAN; }}
>>>(END)
>>>
>>>I change @ for - 
>>>
>>>Thanks.
>>>
>>>
>>>
>>>--
>>>Sent from:
>>>http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
>>>_______________________________________________
>>>squid-users mailing list
>>>squid-users at lists.squid-cache.org
>>>http://lists.squid-cache.org/listinfo/squid-users
>>
>>-- 
>>Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>
>-- 
>Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180205/4928cb1c/attachment.html>


More information about the squid-users mailing list