[squid-users] Re: Kerberos with 2008/2003 DC

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Mon, 25 Mar 2013 19:39:05 -0000

Can you try kinit -V -k -t /etc/squid/.keytab HTTP/proxyprueba.xxx.xxx ?

Markus

"SPG" <spggps8.2_at_gmail.com> wrote in message
news:1364200322406-4659198.post_at_n4.nabble.com...
> Hi,
>
> I have a domain with 2008 and 2003 DCs. If I generate a keytab in Windows
> 2008, it only works with the 2008 servers, and if I generate a keytab with
> 2003, it does not work with 2008 or 2003. An example of the error in the
> last case:
>
> [root@proxyprueba ~]# kinit -V -k -t /etc/squid/.keytab proxyprueba.xxx.xxx
> Using default cache: /tmp/krb5cc_0
> Using principal: proxyprueba.xxx.xxx@XXX.XXX
> Using keytab: /etc/squid/.keytab
> kinit: Client not found in Kerberos database while getting initial credentials
>
> I use ktpass to generate the ticket:
>
> C:\>ktpass -princ HTTP/srvproxy.sertecin.local@SERTECIN.LOCAL -mapuser sertecin\srvproxy -pass admin1234 -crypto rc4-hmac-nt -ptype krb5_nt_principal -out squid.keytab
>
> Can I generate a keytab for 2008 and 2003 DCs and XP/7 clients?
> If so, does the keytab work with squid_krb_auth?
> Is NTLM my only option?
>
> [root@proxyprueba ~]# more /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb/krb5libs.log
> kdc = FILE:/var/log/krb/krb5kdc.log
> admin_server = FILE:/var/log/krb/kadmind.log
>
> [libdefaults]
> default_realm = XXX.XXX
> default_tgs_enctypes = rc4-hmac
> default_tkt_enctypes = rc4-hmac
>
> [realms]
> ABG.CORP = {
> default_domain = xxx.xxx
> ; kdc = srv-valdc01.xxx.xxx:88
> kdc = srv-valdc02.xxx.xxx:88 --> dc site for clients login W2003
> admin_server = srv-valdc02.xxx.xxx:749
> }
>
> [domain_realm]
> xxx.xxx = XXX.XXX
> .xxx.xxx = XXX.XXX
>
> A lot of thanks
Received on Mon Mar 25 2013 - 19:39:30 MDT
