Explicit Proxy gss_accept_sec_context: Key table entry not found

2015:03:10-08:44:36 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found"
2015:03:10-08:44:37 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found"
2015:03:10-08:44:37 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found"
2015:03:10-08:44:38 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found"
2015:03:10-08:44:38 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found"
2015:03:10-08:44:38 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found"
2015:03:10-08:44:38 zg-utm01-1 httpproxy[6288]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4385800" function="adir_auth_process_negotiate" file="auth_adir.c" line="1529" message="gss_accept_sec_context: Key table entry not found" 


What is this error now, in Explicit proxy? How to fix AD SSO?


  • Just to note that I added the UTM to the domain under one name
    utm.domain.local
    create custom DNS name
    webproxy.domain.local
    setspn HTTP/webproxy.domain.local AD_User
    setspn HTTP/webproxy AD_User

    and now as Proxy we set webproxy.domain.local:8080

    NTLM is working.
  • This looks like the answer to this; I'll try it and let you know the outcome.

    From this thread:
    https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/44463
    To add entries to the keytable, you can do the following:

    net ads keytab add $ENTRY -U username%password

    In the command, $ENTRY has to be one of the following (and you'll need to add each one):
    host/FQDN@domain
    host/hostname@domain
    hostname@domain
    HTTP/FQDN@domain
    HTTP/hostname@domain

    To see your keytab, you can run the following commands:
    ktutil (this will switch to a different shell)
    read_kt /etc/krb5.keytab
    list
    q (to quit)

    Here is an example of my testlab keytab file:
    1 4 host/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
    2 4 host/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
    3 4 host/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
    4 4 host/dot10@AD2.TESTASTARO.COM
    5 4 host/dot10@AD2.TESTASTARO.COM
    6 4 host/dot10@AD2.TESTASTARO.COM
    7 4 DOT10$@AD2.TESTASTARO.COM
    8 4 DOT10$@AD2.TESTASTARO.COM
    9 4 DOT10$@AD2.TESTASTARO.COM
    10 4 HTTP/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
    11 4 HTTP/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
    12 4 HTTP/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
    13 4 HTTP/dot10@AD2.TESTASTARO.COM
    14 4 HTTP/dot10@AD2.TESTASTARO.COM
    15 4 HTTP/dot10@AD2.TESTASTARO.COM
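
A check for the entries listed above, as an added example that is not part of the original thread: it reads the `list` output of `ktutil` on stdin and prints whichever of the five principals is missing for a given FQDN, hostname and realm. The function name `missing_principals` and the sample listing are constructed for illustration; the machine-account form (upper-case hostname plus `$`) is an assumption taken from the testlab keytab shown in the post.

```shell
# Added example, not from the thread: list which of the keytab entries named
# in the post are absent from a ktutil "list" output read on stdin.

# missing_principals FQDN HOSTNAME REALM
# Prints each missing principal on its own line; returns 1 if any is missing.
missing_principals() {
    local fqdn="$1" host="$2" realm="$3"
    local listing machine want missing=0
    # Keep the principal column (last field) of lines that begin with a slot number.
    listing=$(awk '$1 ~ /^[0-9]+$/ { print $NF }' | sort -u)
    # Assumption: machine account as the thread's sample shows it (upper-case hostname plus "$").
    machine="$(printf '%s' "$host" | tr '[:lower:]' '[:upper:]')\$"
    for want in "host/$fqdn" "host/$host" "$machine" "HTTP/$fqdn" "HTTP/$host"; do
        # Exact, case-sensitive, whole-line match on principal@REALM.
        if ! printf '%s\n' "$listing" | grep -qxF -e "$want@$realm"; then
            printf '%s\n' "$want@$realm"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a keytab with host and machine entries but no HTTP/ entries.
SAMPLE_NO_HTTP='slot KVNO Principal
---- ---- ---------------------------------------------------------------
   1    4 host/dot10.ad2.testastaro.com@AD2.TESTASTARO.COM
   2    4 host/dot10@AD2.TESTASTARO.COM
   3    4 DOT10$@AD2.TESTASTARO.COM'

# On the UTM, pipe the real "list" output from ktutil in place of the sample.
if printf '%s\n' "$SAMPLE_NO_HTTP" |
        missing_principals dot10.ad2.testastaro.com dot10 AD2.TESTASTARO.COM; then
    echo "all expected entries present"
else
    echo "the entries printed above are missing; add each with 'net ads keytab add'"
fi
```

The FQDN and hostname passed in should be the name the browsers use as the proxy address, since that is the name the client's HTTP/ service ticket is issued for.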