Good Day!
I am trying to make a proxy server that requires authentication on Active Directory.
Now I am having a problem configuring the proxy server's Kerberos.
Any help would really be appreciated. Thank you!!
Below is the error I am getting when using msktutil:
#############################################################################################################################################################################################################
root@BTSProxy:/etc/squid3# msktutil -c -b "CN-COMPUTERS" -s HTTP/BTSProxy -k /etc/squid3/PROXY.keytab --computer-name BTSPROXY-K --upn HTTP/BTSProxy --server DC2012r2set1.intranet.de --verbose
-- init_password: Wiping the computer password structure
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-y06SIP
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: BTSPROXY-K$
-- try_machine_keytab_princ: Trying to authenticate for BTSPROXY-K$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Unsupported key table format version number)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/btsproxy.intranet.de from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for BTSPROXY-K$ with password.
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Preauthentication failed)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 4
-- ldap_connect: Connecting to LDAP server: DC2012r2set1.intranet.de try_tls=YES
-- ldap_connect: Connecting to LDAP server: DC2012r2set1.intranet.de try_tls=NO
SASL/GSSAPI authentication started
SASL username: administrator@INTRANET.DE
SASL SSF: 56
SASL data security layer installed.
-- ldap_connect: LDAP_OPT_X_SASL_SSF=56
-- ldap_get_base_dn: Determining default LDAP base: dc=INTRANET,dc=DE
-- init_password: Wiping the computer password structure
-- generate_new_password: Generating a new, random password for the computer account
-- generate_new_password: Characters read from /dev/udandom = 82
-- ldap_check_account: Checking that a computer account for BTSPROXY-K$ exists
-- ldap_check_account: Checking computer account - found
-- ldap_check_account: Found userAccountControl = 0x1000
-- ldap_check_account: Found supportedEncryptionTypes = 28
-- ldap_check_account: Found dNSHostName = btsproxy.intranet.de
-- ldap_check_account: Found Principal: HTTP/BTSProxy.intranet.de
-- ldap_check_account: Found Principal: host/btsproxy.intranet.de
-- ldap_check_account: Found User Principal: HTTP/BTSProxy.intranet.de
-- ldap_check_account_strings: Inspecting (and updating) computer account attributes
-- ldap_simple_set_attr: Calling ldap_modify_ext_s to set userPrincipalName to HTTP/BTSProxy@INTRANET.DE
-- ldap_simple_set_attr: ldap_modify_ext_s failed (Constraint violation)
-- ldap_set_supportedEncryptionTypes: No need to change msDs-supportedEncryptionTypes they are 28
-- ldap_set_userAccountControl_flag: Setting userAccountControl bit at 0x200000 to 0x0
-- ldap_set_userAccountControl_flag: userAccountControl not changed 0x1000
-- set_password: Attempting to reset computer's password
-- set_password: Try change password using user's ticket cache
-- ldap_get_pwdLastSet: pwdLastSet is 131297269925813776
-- set_password: Successfully set password, waiting for it to be reflected in LDAP.
-- ldap_get_pwdLastSet: pwdLastSet is 131297296586674661
-- set_password: Successfully reset computer's password
-- ldap_add_principal: Checking that adding principal HTTP/BTSProxy to BTSPROXY-K$ won't cause a conflict
Error: Another computer account (CN=BTSProxy,CN=Computers,DC=intranet,DC=de) has the principal HTTP/BTSProxy
Error: ldap_add_principal failed
-- execute: Updating all entries for btsproxy.intranet.de in the keytab WRFILE:/etc/squid3/PROXY.keytab
-- update_keytab: Updating all entires for BTSPROXY-K$
-- ldap_get_kvno: KVNO is 4
-- add_principal_keytab: Adding principal to keytab: BTSPROXY-K$
-- add_principal_keytab: Using salt of INTRANET.DEhostbtsproxy-k.intranet.de
-- add_principal_keytab: Adding entry of enctype 0x17
Error: krb5_kt_add_entry failed (Unsupported key table format version number)
-- ~KRB5Context: Destroying Kerberos Context
#####################################################################################################################################################################
Best Regards,
RR
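
The log above reports "Unsupported key table format version number" both when reading and when writing /etc/squid3/PROXY.keytab. As an added example (not part of the original post and not msktutil's code), this Python function checks a keytab's header, which in the MIT krb5 file format is byte 0x05 followed by a version byte 0x01 or 0x02, and lists the entries of a version-2 file. The names inspect_keytab, counted, sample_entry and SAMPLE are made up here, and the sample bytes are constructed.

```python
import struct

def counted(buf, off):
    # Read a uint16-length-prefixed string; return (bytes, next offset).
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def inspect_keytab(data):
    """Check the 0x05 + version header; list (principal, kvno, enctype) for v2."""
    if len(data) < 2:
        return "too short to hold a keytab header", []
    if data[0] != 0x05 or data[1] not in (1, 2):
        return "bad header bytes " + data[:2].hex(), []
    if data[1] == 1:
        return "version 1, entries not parsed here", []
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size == 0:
            break
        if size < 0:                      # negative size marks a deleted slot
            off += -size
            continue
        end, p = off + size, off
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(data, p)
            comps.append(comp.decode())
        p += 8                            # skip name type and timestamp
        kvno = data[p]                    # 8-bit key version number
        (etype,) = struct.unpack_from(">H", data, p + 1)
        _key, p = counted(data, p + 3)
        if end - p >= 4:                  # optional 32-bit kvno wins if non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        off = end
    return "ok, version 2", entries

def sample_entry():
    # Constructed entry: names, kvno 4, enctype 0x17 as in the log; all-zero key.
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 1) + cs(b"INTRANET.DE") + cs(b"BTSPROXY-K$")
            + struct.pack(">IIB", 1, 0, 4) + struct.pack(">H", 0x17)
            + cs(bytes(16)) + struct.pack(">I", 4))
    return struct.pack(">i", len(body)) + body
SAMPLE = b"\x05\x02" + sample_entry()     # constructed bytes, not a real keytab
```

To inspect a file on disk, pass its contents, for example inspect_keytab(open(path, "rb").read()).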