The system is as follows:
Code:
FreeBSD server.domain.ru 9.2-RELEASE-p10 FreeBSD 9.2-RELEASE-p10
Code:
# squid -v
Squid Cache: Version 3.5.11
Service Name: squid
configure options: '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache' '--without-gnutls' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--disable-arch-native' '--disable-eui' '--disable-cache-digests' '--enable-delay-pools' '--disable-ecap' '--disable-esi' '--disable-follow-x-forwarded-for' '--disable-htcp' '--disable-icap-client' '--disable-icmp' '--disable-ident-lookups' '--disable-ipv6' '--enable-kqueue' '--with-large-files' '--disable-http-violations' '--without-nettle' '--disable-snmp' '--enable-ssl' '--disable-ssl-crtd' '--disable-stacktraces' '--disable-ipf-transparent' '--disable-ipfw-transparent' '--disable-pf-transparent' '--without-nat-devpf' '--disable-forw-via-db' '--enable-wccp' '--enable-wccpv2' '--with-heimdal-krb5=/usr' 'CFLAGS=-I/usr/include -pipe -I/usr/local/include -I/usr/local/include -I/usr/include -g -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib -L/usr/local/lib -L/usr/local/lib -L/usr/lib -fstack-protector' 'LIBS=-lkrb5 -lgssapi -lgssapi_krb5 ' 'KRB5CONFIG=/usr/bin/krb5-config' '--enable-auth-basic=DB SMB_LM MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam LDAP SASL NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group kerberos_ldap_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--without-pthreads' '--enable-storeio=ufs' '--enable-disk-io=AIO Blocking IpcIo Mmapped' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-storeid-rewrite-helpers=file' '--with-openssl=/usr' 
'--disable-optimizations' '--enable-debug-cbdata' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd9.2' 'build_alias=amd64-portbld-freebsd9.2' 'CC=cc' 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-pipe -I/usr/local/include -I/usr/local/include -I/usr/include -g -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' --enable-ltdl-convenience
Until recently everything worked fine (I don't know what happened; I no longer work there).
The time on the server and on the domain controller matches.
Keytab:
Code:
# ktutil -k /etc/krb5.keytab list
/etc/krb5.keytab:
Vno Type Principal
3 arcfour-hmac-md5 HTTP/server.domain.ru@DOMAIN.RU
Code:
# kinit -k HTTP/server.domain.ru
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: HTTP/server.domain.ru@DOMAIN.RU
Issued Expires Principal
Nov 19 09:20:39 Nov 19 19:20:35 krbtgt/DOMAIN.RU@DOMAIN.RU
Code:
negotiate_kerberos_auth.cc(180): pid=3435 :2015/11/19 15:23:13| negotiate_kerberos_auth: ERROR: gss_accept_sec_context() failed: Miscellaneous failure (see text). unknown mech-code 0 for mech unknown
2015/11/19 15:23:13 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Miscellaneous failure (see text). unknown mech-code 0 for mech unknown; }}