
Re: [Samba] added spn and exported keytab not match




On Thu, 30 Nov 2017 11:11:27 +0400
Mike Lykov via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello All.
> 
> I am using a Samba AD DC and a Linux server with Squid, and
> I am trying to configure Kerberos authentication for proxy server users.
> I need to add an SPN for a user and then export a keytab with it to a file.
> 
> I add a user with RSAT and add an SPN for it with samba-tool (like
> https://wiki.samba.org/index.php/Generating_Keytabs):
> --------------------
> root@ad41:/# samba-tool spn list proxy
> proxy
> User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following 
> servicePrincipalName:
>           HTTP/proxy.S****.ru@DC.S****.RU
>           host/proxy.S****.ru@DC.S****.RU

I am not an expert on Squid by any means, but you seem to be adding
SPNs meant for a computer account to a user account, i.e.
'proxy.S****.ru' would be a FQDN.
Also, the 'S****.ru' should be 'dc.s****.ru'.

I think you are going to have to wait until Louis gets over the flu; he
is the expert on Squid ;-)

Rowland


