I am trying to install squid3 on a Wheezy system with Kerberos authentication. My infrastructure includes an AD 2008 R2 server.
I am following a tutorial: … ctory.html
But I run into a problem when adding the squid server to the domain.
I find many people who have this problem on Google, but I cannot find a solution.
Do you have any idea? Thanks in advance
Here are my logs:
[code]root@Serv-Proxy:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur@MONDOMAINE.LOCAL
Valid starting Expires Service principal
26/11/2013 19:53:48 27/11/2013 05:53:53 krbtgt/MONDOMAINE.LOCAL@MONDOMAINE.LOCAL
renew until 27/11/2013 19:53:48
root@Serv-Proxy:~# msktutil -c -b "CN=COMPUTERS" -s HTTP/serv-proxy.mondomaine.local -k /etc/squid3/PROXY.keytab --computer-name SERV-PROXY --upn HTTP/serv-proxy.mondomaine.local --server serv-ad-1.mondomaine.local --verbose --enctypes 28
-- init_password: Wiping the computer password structure
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-7VQLpi
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: SERV-PROXY$
-- try_machine_keytab_princ: Trying to authenticate for SERV-PROXY$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/serv-proxy from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for SERV-PROXY$ with password.
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 4
-- ldap_connect: Connecting to LDAP server: serv-ad-1.mondomaine.local try_tls=YES
-- ldap_connect: Connecting to LDAP server: serv-ad-1.mondomaine.local try_tls=NO
SASL/GSSAPI authentication started
Error: ldap_sasl_interactive_bind_s failed (Local error)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.
-- ~KRB5Context: Destroying Kerberos Context
root@Serv-Proxy:~# hostname
root@Serv-Proxy:~# hostname -f
root@Serv-Proxy:~# msktutil -v
msktutil version 0.4
root@Serv-Proxy:~# klist -k
Keytab name: FILE:/etc/squid3/PROXY.keytab
klist: Aucun fichier ou dossier de ce type while starting keytab scan
[/code]