Author Topic: HTTP Proxy AD [SOLVED]  (Read 1962 times)

AngeloBRG

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
HTTP Proxy AD [SOLVED]
« on: April 29, 2014, 04:41:41 pm »
Version: 3.4.2
After an update, the Zentyal Proxy component is presenting a problem. I have it integrated with AD via LDAP, but the following message appears when trying to access the rules:

It is not possible to Obtain the Kerberos ticket to connect to LDAP: could not acquire credentials credentials using an initial context: preauthentication failed

Is there a possibility to generate this credential again without reinstalling anything?

Thanks,
« Last Edit: July 25, 2014, 08:24:02 pm by AngeloBRG »

AngeloBRG

Re: HTTP Proxy AD
« Reply #1 on: July 21, 2014, 04:30:22 pm »
Has anyone ever experienced this situation?

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
Re: HTTP Proxy AD
« Reply #2 on: July 21, 2014, 08:34:57 pm »
Hello:

1) Make sure both servers are synced in time.
2) Make sure that an account for the Zentyal box exists on "CN=Computers" on the DC. You must not move this account.

AngeloBRG

Re: HTTP Proxy AD
« Reply #3 on: July 21, 2014, 10:23:46 pm »
Hi,

Yes, the clock is synchronized.
The account exists in OU Computers.

jbahillo

Re: HTTP Proxy AD
« Reply #4 on: July 22, 2014, 11:13:08 am »
Hello:

Is the account you provided in users config for the AD still valid?

AngeloBRG

Re: HTTP Proxy AD
« Reply #5 on: July 22, 2014, 02:32:14 pm »
Yes, the account is active.

jbahillo

Re: HTTP Proxy AD
« Reply #6 on: July 22, 2014, 03:01:21 pm »
Does restarting the users module report an error? If you delete the computer account on the AD, does the same error still happen?

AngeloBRG

Re: HTTP Proxy AD
« Reply #7 on: July 23, 2014, 08:17:15 pm »
If I restart the users module, the error does not occur.

If I delete the computer and restart Squid, it creates a new computer and operates normally for a period, but then days later the problem occurs again.

AngeloBRG

Re: HTTP Proxy AD
« Reply #8 on: July 23, 2014, 09:12:01 pm »
This is the error log from zentyal.log when I tried to access the proxy menu interface "rules":

2014/07/23 16:10:11 DEBUG> ExternalAD.pm:195 EBox::LDAP::ExternalAD::connectWithKerberos - Não é possivél obter o ticket Kerberos para se ligar ao LDAP: could not acquire credentials using an initial credentials context: Preauthentication failed
2014/07/23 16:10:11 ERROR> Base.pm:207 EBox::CGI::Base::_print - Error printing method section _body

But I can access the internet via browser with authentication.

AngeloBRG

Re: HTTP Proxy AD
« Reply #9 on: July 25, 2014, 08:22:42 pm »
I fixed the problem by adding the following parameters to /etc/krb5.conf:

[realms]
    Domain.local = {
       kdc = srv-dc01.domain.local
       admin_server = srv-dc01.domain.local
       default_domain = domain.local
    }

[domain_realm]
     .domain.local = domain.local
     domain.local = domain.local

As /etc/krb5.conf is recreated every time the service is started or restarted, I created the script /etc/zentyal/hooks/users.preservice with the following content:

# Append the realm and domain-to-realm mapping to the regenerated krb5.conf
echo "" >> /etc/krb5.conf
echo "[realms]" >> /etc/krb5.conf
echo "domain.local = {" >> /etc/krb5.conf
echo "kdc = srv-dc01.domain.local" >> /etc/krb5.conf
echo "admin_server = srv-dc01.domain.local" >> /etc/krb5.conf
echo "default_domain = domain.local" >> /etc/krb5.conf
echo "}" >> /etc/krb5.conf
echo "" >> /etc/krb5.conf
echo "[domain_realm]" >> /etc/krb5.conf
echo ".domain.local = domain.local" >> /etc/krb5.conf
echo "domain.local = domain.local" >> /etc/krb5.conf
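
The hook in the last post appends unconditionally, which relies on /etc/krb5.conf being regenerated before every run. The following is an added example, not part of the original post and not Zentyal code: an idempotent variant that appends the block once and replaces the file atomically. The function name and marker comment are assumptions; the realm and KDC values are the ones from the post.

```shell
#!/bin/sh
# Added example: idempotent variant of the users.preservice hook.
# ensure_krb5_realm FILE REALM KDC
# Appends a marked [realms]/[domain_realm] block for REALM to FILE unless the
# marker is already present, so repeated runs never duplicate the sections.
# Kerberos realm names are case-sensitive; use the spelling your KDC expects.
MARKER="# BEGIN local-realm-override"   # hypothetical marker, not a Zentyal convention

ensure_krb5_realm() {
    file=$1 realm=$2 kdc=$3
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
    # Already patched (file was not regenerated since the last run): do nothing.
    grep -qF "$MARKER" "$file" && return 0
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Build the new file beside the original and rename it into place, so a
    # Kerberos client never reads a half-written krb5.conf.
    {
        cat "$file"
        printf '\n%s\n' "$MARKER"
        printf '[realms]\n    %s = {\n' "$realm"
        printf '        kdc = %s\n' "$kdc"
        printf '        admin_server = %s\n' "$kdc"
        printf '        default_domain = %s\n' "$realm"
        printf '    }\n\n[domain_realm]\n'
        printf '    .%s = %s\n' "$realm" "$realm"
        printf '    %s = %s\n' "$realm" "$realm"
        printf '# END local-realm-override\n'
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    # mktemp creates the file mode 600; krb5.conf must stay world-readable.
    chmod 644 "$tmp" && mv "$tmp" "$file"
}

# In the hook itself the call would be:
#   ensure_krb5_realm /etc/krb5.conf domain.local srv-dc01.domain.local
```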