[squid-users] Re: squid_kerb_auth: Unspecified GSS failure (W2K8)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Wed, 30 Oct 2013 20:53:45 -0000

Hi Mihail,

   Did you use export KRB5_KTNAME to point to the right keytab ? Is the
keytab readable by the user under which squid runs ?

Markus

"Mihail Lukin" wrote in message
news:CAAmm_rZ8jNoeFMRGthiYeHQ+GgSfmySFnw8708dwdDVUW3=R_g_at_mail.gmail.com...

Hello,

I'm trying to configure Squid 3.1 to authenticate through AD with W2K8
DC with Kerberos. I used this how-to:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos on
CentOS 6 box that I've joined to domain with `net ads join`.

Now I'm getting the error in cache.log when I'm trying to visit any
URL through this proxy:

2013/10/30 17:07:41| squid_kerb_auth: DEBUG: Got 'YR base64 encoded
data' from squid (length: 2295).
2013/10/30 17:07:41| squid_kerb_auth: DEBUG: Decode 'base64 encoded
data' (decoded length: 1717).
2013/10/30 17:07:41| squid_kerb_auth: ERROR: gss_acquire_cred()
failed: Unspecified GSS failure. Minor code may provide more
information.
2013/10/30 17:07:41| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH gss_acquire_cred()
failed: Unspecified GSS failure. Minor code may provide more information. '

I could not figure out what the "minor code" is... I googled a lot with no
luck.
Any help is very appreciated. Thanks in advance!
Received on Wed Oct 30 2013 - 20:54:08 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 31 2013 - 12:00:08 MDT