Hi,
I have a domain with 2008 and 2003 DCs. If I genus a keytab in windows 2008
only work with 2008 server's and if I genus a keytab with 2003 it not work
in 2008 or 2003. The last case error example
[root_at_proxyprueba ~]# kinit -V -k -t /etc/squid/.keytab proxyprueba.xxx.xxx
Using default cache: /tmp/krb5cc_0
Using principal: proxyprueba.xxx.xxx_at_XXX.XXX
Using keytab: /etc/squid/.keytab
kinit: Client not found in Kerberos database while getting initial
credentials
I use ktpass for generate the ticket
C:\>ktpass -princ HTTP/srvproxy.sertecin.local_at_SERTECIN.LOCAL -mapuser
sertecin\srvproxy -pass admin1234 -crypto rc4-hmac-nt -ptype
krb5_nt_principal -out squid.keytab
Can I generate a keytab for 2008 and 2003 dc's and XP/7 clients?
Does keytab work with squid_krb_auth, in affirmative case?
Is MNTL my unique option?
[root_at_proxyprueba ~]# more /etc/krb5.conf
[logging]
default = FILE:/var/log/krb/krb5libs.log
kdc = FILE:/var/log/krb/krb5kdc.log
admin_server = FILE:/var/log/krb/kadmind.log
[libdefaults]
default_realm = XXX.XXX
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
[realms]
ABG.CORP = {
default_domain = xxx.xxx
; kdc = srv-valdc01.xxx.xxx:88
kdc = srv-valdc02.xxx.xxx:88 --> dc site for clients login W2003
admin_server = srv-valdc02.xxx.xxx:749
}
[domain_realm]
xxx.xxx = XXX.XXX
.xxx.xxx = XXX.XXX
A lot of thanks
-- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-with-2008-2003-DC-tp4659198.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Mon Mar 25 2013 - 08:32:04 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 26 2013 - 12:00:05 MDT