+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 34
*nix Thread, Squid Proxy, Debian and NTLM - Need Help in Technical; Odd! locate msktutil or find / -name msktutil...
  1. #16

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Odd!

    locate msktutil

    or

    find / -name msktutil

  2. #17
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    Odd!

    locate msktutil

    or

    find / -name msktutil
    locate msktutil returns /var/cache/apt/archives/msktutil_0.4-2_amd64.deb

  3. #18

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    That's it? Well your msktutil has vamoosed. Very strange.

    the 'locate' command uses a database that might be a day old, so try the find command, but try it as a superuser (with su or sudo, I can't remember which Debian uses) just in case the permissions are bananas on msktutil.

    As a last resort you could run dpkg to install that .deb file and hope that it re-installs it.
    Last edited by jinnantonnixx; 21st May 2014 at 03:23 PM.

  4. #19
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    That's it? Well your msktutil has vamoosed. Very strange.

    the 'locate' command uses a database that might be a day old, so try the find command, but try it as a superuser (with su or sudo, I can't remember which Debian uses) just in case the permissions are bananas on msktutil.

    As a last resort you could run dpkg to install that .deb file and hope that it re-installs it.
    I've ran the find with sudo command it doesn't return anything. Just returns to the command line. When I try and reinstall it from the website in the guide I sued it fails as the cert on the website has failed.

  5. #20

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Well, the deb file is there (hopefully) so that's worth a shot.

    sudo (or su) dpkg -i /var/cache/apt/archives/msktutil_0.4-2_amd64.deb

    http://www.cyberciti.biz/howto/quest...heat-sheet.php


    I bet you wished you left it alone now.
    Last edited by jinnantonnixx; 21st May 2014 at 03:39 PM.

  6. #21
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    Well, the deb file is there so that's worth a shot.

    sudo (or su) dpkg -i /var/cache/apt/archives/msktutil_0.4-2_amd64.deb

    dpkg cheat sheet


    I bet you wished you left it alone now.
    Yep! *bangs head on desk*

    I ran the command and it said complains about a dependency problem - msktutil depends on libkrb53 as it's not installed, when it was. When I run sudo apt-get install krb5-user libkrb53 says it's not available, but is referred to by another package which may be missing or has been obsoleted.

  7. #22

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Sound like you're having a typical 'my sortta day',

    Well, you'll need msktutil either way.

    Try this

    sudo apt-get update
    sudo apt-get install msktutil

    If it's not in the repository, see if this works: msktutil_0.5.1-1_amd64.deb Debian Jessie Download and see if you can install it with dpkg.

    Failing that, you'll have to build it. That's not as bad as it sounds, I did it when I needed it (I used Centos, but the principle is the same). If memory serves you'll need to install 'build essentials' or something similar, but let's burn that bridge when we come to it
    Last edited by jinnantonnixx; 21st May 2014 at 04:05 PM.

  8. #23
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    Sound like you're having a typical 'my sortta day',

    Well, you'll need msktutil either way.

    Try this

    sudo apt-get update
    sudo apt-get install msktutil

    If it's not in the repository, see if this works: msktutil_0.5.1-1_amd64.deb Debian Jessie Download and see if you can install it with dpkg.

    Failing that, you'll have to build it. That's not as bad as it sounds, I did it when I needed it (I used Centos, but the principle is the same). If memory serves you'll need to install 'build essentials' or something similar, but let's burn that bridge when we come to it
    Tried that and after being told to run sudo apt-get install -f to fix errors, I loaded the Package Installer and pointed it at the downloaded deb file and it's come back with an error: dependency is not satisfiable: libc6 (>=2.14)

  9. #24

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Have you run update and upgrade on your server to get all components up to date?

    sudo apt-get update
    sudo apt-get upgrade

  10. #25
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    Have you run update and upgrade on your server to get all components up to date?

    sudo apt-get update
    sudo apt-get upgrade
    Yep, it's just upgraded some more packages and it's still complaining and wont let me install it.

    I've just ran msktutil --auto-update --verbose --computer-name squidproxy-k and it actually ran without errors. I've just deleted the account from AD, let it synch and re ran it to get it back into AD. I've just tried browsing IE and it still prompts for authentication. I'll try the other commands again tomorrow and see what happens.

  11. #26

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Progress! Of sorts, anyway.

    I would definitely delete the AD computer account, and tomorrow re-run the msktutil with the additional parameters I mentioned.


    Don't forget to delete the keytab files
    rm /etc/squid/HTTP.keytab
    rm /etc/krb5.keytab

    then run 'kinit Administrator' before attempting the msktutil.

    Then set the keytab permissions
    chmod 660 /etc/squid/HTTP.keytab
    chown squid:squid /etc/squid/HTTP.keytab


    List the Kerberos tickets with the command
    klist -ekt

    If you get a failure after the inital msktutil, don't despair - try this a few times
    msktutil --auto-update --verbose

    If that fails, then despair.

    If it still doesn't work, change your squid.conf so that the NTLM auth directive appears above the Kerberos directive (or even comment the Kerberos line out with a '#'). NTLM isn't a pretty authenticator, but if it works it will buy you time.
    Last edited by jinnantonnixx; 21st May 2014 at 04:48 PM.

  12. #27
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    Progress! Of sorts, anyway.

    I would definitely delete the AD computer account, and tomorrow re-run the msktutil with the additional parameters I mentioned.

    Don't forget to delete the keytab files
    rm /etc/squid/HTTP.keytab
    rm /etc/krb5.keytab

    then run 'kinit Administrator' before attempting the msktutil.

    Then set the keytab permissions
    chmod 660 /etc/squid/HTTP.keytab
    chown squid:squid /etc/squid/HTTP.keytab


    List the Kerberos tickets with the command
    klist -ekt

    If you get a failure after the inital msktutil, don't despair - try this a few times
    msktutil --auto-update --verbose

    If that fails, then despair.

    If it still doesn't work, change your squid.conf so that the NTLM auth directive appears above the Kerberos directive (or even comment the Kerberos line out with a '#'). NTLM isn't a pretty authenticator, but if it works it will buy you time.
    I deleted the account from AD this morning, and I have rejoined it using msktutil. I've ran the update command but it's still prompting for authentication in IE and working in Firefox. I tried your suggestion about the squid config and FF prompted me for my AD username and password and worked. IE on the other hand just gave me an access denied page.

    I've ran the klist -ekt command and it's returned a list of tokens for the server.

  13. #28

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,016
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Install kerbtray (it's in one of the Windows resource kits - PITA to find) and stick it on one of the client windows machines.
    It'll appear in the system tray (bottom right), use it to view the Kerberos tickets on the machine.
    Then use it to delete all Kerberos tickets
    Close the browser and reopen it, and see if you get any fresh tickets from the Squid server.

    Foudn a link
    http://www.computerperformance.co.uk...e.htm#Kerbtray
    Last edited by jinnantonnixx; 22nd May 2014 at 12:00 PM.

  14. #29
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    Quote Originally Posted by jinnantonnixx View Post
    Install kerbtray (it's in one of the Windows resource kits - PITA to find) and stick it on one of the client windows machines.
    It'll appear in the system tray (bottom right), use it to view the Kerberos tickets on the machine.
    Then use it to delete all Kerberos tickets
    Close the browser and reopen it, and see if you get any fresh tickets from the Squid server.

    Foudn a link
    Ezine Tools - Guy Windows toolkit of handy utilities
    I've ran it on my machine. When I purge tickets, then close and reopen IE I get asked for credentials which it refuses. After awhile it stops asking and I get access denied from squid. The kerbtray app lists 0 tickets, and says No Network credentials. However when I run klist in cmd it lists two tickets, one from krbtgt for the domain?, and one from the squid server (AES-256)

  15. #30
    JonThompson's Avatar
    Join Date
    Nov 2011
    Location
    Leicester
    Posts
    177
    Thank Post
    18
    Thanked 26 Times in 19 Posts
    Rep Power
    10
    It's defiantly the Kerberos that's causing the issue. I commented it out this morning and it allowed traffic through IE without authentication. The only problem is that it doesn't like https traffic?

    Any ideas on how to get around this?

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Squid Proxy. Forward IP of computer and not proxy?
    By dany2010 in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 29th October 2012, 08:40 AM
  2. [Ubuntu] Squid and NTLM
    By localzuk in forum *nix
    Replies: 7
    Last Post: 28th July 2010, 07:09 PM
  3. Squid Proxy Server and you tube video
    By wellscs in forum *nix
    Replies: 1
    Last Post: 15th April 2009, 03:47 PM
  4. Replies: 19
    Last Post: 15th October 2008, 02:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •