AW: [squid-users] Authentication on Active Directory

@Adrian: Thank you for youre fast answer. Maybe you can help me a bit with the configuration with Kerberos ?

Most steps are working on my system:

- I have a Kerberos ticket
- wbinfo -g shows the groups in the AD
- getent -g shows the groups in the AD, too

But there´s a problem with the squid configuration:

I have the following entrie in the squid.conf:

external_acl_type www_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/squid_unix_group -g www
external_acl_type ebay_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/squid_unix_group -g Ebay

Users in the two groups www and Ebay should go to the internet. This worked on our "old" proxy with squid 2.5 without Kerberos.

If I now start squid and use it as proxy, I get a TCP_DENIED in the access.log and in the cache.log the following entries:

helper: Group does not exist 'Lutz'
helper: Group does not exist 'X<AB>^D^H<F2><87>^D^H'
helper: Group does not exist '<88>^Wοy<97>^D^Hu<B8>v'
helper: Group does not exist '<C9><C3>'
helper: Group does not exist '<9C><8D><87>'
helper: Group does not exist '<A0>6z'
helper: Group does not exist '<E8>^Wο<EC>]u'
helper: Group does not exist '<8D><83><E8><FE><FF><FF><89>E<F0><8D><83><E8><FE><FF><FF>)E<F0><C1>}<F0>^B<8B>U
                        <B6>'
helper: Group does not exist '<81><C3>^?<D7>^P'
helper: Group does not exist '_^\ο<8A>^\ο<9A>^\ο<A5>^\ο<B3>^\ο<D3>^\ο<E6>^\ο<F0>^\ο<B3>^^ο<D6>^^ο<F0>^^ο<FF>
^^ο^T^_ο%^_ο;^_οC^_οP^_ο<81>^_ο<A3>^_ο<B8>^_ο<CA>^_ο'
helper: Group does not exist '^C'
helper: Group does not exist '<9C><8D><87>'
helper: Group does not exist ''
helper: Group does not exist 'Lutz'
helper: Group does not exist 'X<AB>^D^H<F2><87>^D^H'
helper: Group does not exist 'x6<97><BF>y<97>^D^Hu<B8>v'
helper: Group does not exist '<C9><C3>'
helper: Group does not exist '<9C><8D><87>'
helper: Group does not exist '<A0>6z'
helper: Group does not exist '<D8>6<97><BF><EC>]u'
helper: Group does not e<B6>''<8D><83><E8><FE><FF><FF><89>E<F0><8D><83><E8><FE><FF><FF>)E<F0><C1>}<F0>^B<8B>U
helper: Group does not exist '<81><C3>^?<D7>^P'
helper: Group does not exist '_L<97><BF><8A>L<97><BF><9A>L<97><BF><A5>L<97><BF><B3>L<97><BF><D3>L<97><BF><E6>
L<97><BF><F0>L<97><BF><B3>N<97><BF><D6>N<97><BF><F0>N<97><BF><FF>N<97><BF>^TO<97><BF>%O<97><BF>;O<97><BF>CO
<97><BF>PO<97><BF><81>O<97><BF><A3>O<97><BF><B8>O<97><BF><CA>O<97><BF>'
helper: Group does not exist '^C'
helper: Group does not exist '<9C><8D><87>'
helper: Group does not exist ''

Have you an idea ?
Received on Tue Nov 27 2007 - 04:31:38 MST