find / -name msktutil
That's it? Well your msktutil has vamoosed. Very strange.
the 'locate' command uses a database that might be a day old, so try the find command, but try it as a superuser (with su or sudo, I can't remember which Debian uses) just in case the permissions are bananas on msktutil.
As a last resort you could run dpkg to install that .deb file and hope that it re-installs it.
Last edited by jinnantonnixx; 21st May 2014 at 04:23 PM.
Well, the deb file is there (hopefully) so that's worth a shot.
sudo (or su) dpkg -i /var/cache/apt/archives/msktutil_0.4-2_amd64.deb
I bet you wished you left it alone now.
Last edited by jinnantonnixx; 21st May 2014 at 04:39 PM.
I ran the command and it said complains about a dependency problem - msktutil depends on libkrb53 as it's not installed, when it was. When I run sudo apt-get install krb5-user libkrb53 says it's not available, but is referred to by another package which may be missing or has been obsoleted.
Sound like you're having a typical 'my sortta day',
Well, you'll need msktutil either way.
sudo apt-get update
sudo apt-get install msktutil
If it's not in the repository, see if this works: msktutil_0.5.1-1_amd64.deb Debian Jessie Download and see if you can install it with dpkg.
Failing that, you'll have to build it. That's not as bad as it sounds, I did it when I needed it (I used Centos, but the principle is the same). If memory serves you'll need to install 'build essentials' or something similar, but let's burn that bridge when we come to it
Last edited by jinnantonnixx; 21st May 2014 at 05:05 PM.
Have you run update and upgrade on your server to get all components up to date?
sudo apt-get update
sudo apt-get upgrade
I've just ran msktutil --auto-update --verbose --computer-name squidproxy-k and it actually ran without errors. I've just deleted the account from AD, let it synch and re ran it to get it back into AD. I've just tried browsing IE and it still prompts for authentication. I'll try the other commands again tomorrow and see what happens.
Progress! Of sorts, anyway.
I would definitely delete the AD computer account, and tomorrow re-run the msktutil with the additional parameters I mentioned.
Don't forget to delete the keytab files
then run 'kinit Administrator' before attempting the msktutil.
Then set the keytab permissions
chmod 660 /etc/squid/HTTP.keytab
chown squid:squid /etc/squid/HTTP.keytab
List the Kerberos tickets with the command
If you get a failure after the inital msktutil, don't despair - try this a few times
msktutil --auto-update --verbose
If that fails, then despair.
If it still doesn't work, change your squid.conf so that the NTLM auth directive appears above the Kerberos directive (or even comment the Kerberos line out with a '#'). NTLM isn't a pretty authenticator, but if it works it will buy you time.
Last edited by jinnantonnixx; 21st May 2014 at 05:48 PM.
I've ran the klist -ekt command and it's returned a list of tokens for the server.
Install kerbtray (it's in one of the Windows resource kits - PITA to find) and stick it on one of the client windows machines.
It'll appear in the system tray (bottom right), use it to view the Kerberos tickets on the machine.
Then use it to delete all Kerberos tickets
Close the browser and reopen it, and see if you get any fresh tickets from the Squid server.
Foudn a link
Last edited by jinnantonnixx; 22nd May 2014 at 01:00 PM.
It's defiantly the Kerberos that's causing the issue. I commented it out this morning and it allowed traffic through IE without authentication. The only problem is that it doesn't like https traffic?
Any ideas on how to get around this?
There are currently 1 users browsing this thread. (0 members and 1 guests)