Re: [squid-users] Re: Squid + Kerberos + Active Directory

From: Truth Seeker <truth_seeker_3535_at_yahoo.com>
Date: Thu, 4 Jun 2009 01:40:22 -0700 (PDT)

Dear Markus,

please look in to the following informations;

[root_at_linuxproxy ~]# kinit -k -t HTTP.keytab HTTP/linuxproxy.panasonic.com
kinit(v5): No such file or directory while getting initial credentials
[root_at_linuxproxy ~]# kinit -k -t HTTP.keytab HTTP/linuxproxy
kinit(v5): Client not found in Kerberos database while getting initial credentials
[root_at_linuxproxy ~]#

included '-d' as the following;

auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on

then far down... in debug section, debugging was also turned on.. as (without this, just with -d, it is not giving any output in the cachel.log)

debug_options ALL,1 33,2 28,9

NOTE: I tried three combinations to get the output in cache.log

1. following was enabled ;
        squid_kerb_auth -d
        debug_options ALL,1 33,2 28,9

2. only debug_options are enabled (no -d to squid_kerb_auth)

3. only squid_kerb_auth -d was enabled (debug_option was disabled)

Please have a look at the outputs...
 
1. following was enabled ;
        squid_kerb_auth -d
        debug_options ALL,1 33,2 28,9

and the output of cache.log;

2009/06/04 08:30:54.985| aclCheckFast: list: 0x8624f40
2009/06/04 08:30:54.985| ACLChecklist::preCheck: 0xbfafbde4 checking 'ident_lookup_access deny all'
2009/06/04 08:30:54.985| ACLList::matches: checking all
2009/06/04 08:30:54.985| ACL::checklistMatches: checking 'all'
2009/06/04 08:30:54.985| aclMatchIp: '192.168.4.222' found
2009/06/04 08:30:54.985| ACL::ChecklistMatches: result for 'all' is 1
2009/06/04 08:30:54.985| ACLList::matches: result is true
2009/06/04 08:30:54.985| aclmatchAclList: 0xbfafbde4 returning true (AND list satisfied)
2009/06/04 08:30:54.985| ACLChecklist::markFinished: 0xbfafbde4 checklist processing finished
2009/06/04 08:30:54.985| ACLChecklist::~ACLChecklist: destroyed 0xbfafbde4
2009/06/04 08:30:54.985| ACLChecklist::preCheck: 0x8931178 checking 'http_access allow manager localhost'
2009/06/04 08:30:54.985| ACLList::matches: checking manager
2009/06/04 08:30:54.985| ACL::checklistMatches: checking 'manager'
2009/06/04 08:30:54.985| ACL::ChecklistMatches: result for 'manager' is 0
2009/06/04 08:30:54.985| ACLList::matches: result is false
2009/06/04 08:30:54.985| aclmatchAclList: 0x8931178 returning false (AND list entry failed to match)
2009/06/04 08:30:54.985| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:30:54.985| ACLChecklist::preCheck: 0x8931178 checking 'http_access deny manager'
2009/06/04 08:30:54.985| ACLList::matches: checking manager
2009/06/04 08:30:54.985| ACL::checklistMatches: checking 'manager'
2009/06/04 08:30:54.985| ACL::ChecklistMatches: result for 'manager' is 0
2009/06/04 08:30:54.985| ACLList::matches: result is false
2009/06/04 08:30:54.985| aclmatchAclList: 0x8931178 returning false (AND list entry failed to match)
2009/06/04 08:30:54.985| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:30:54.985| ACLChecklist::preCheck: 0x8931178 checking 'http_access deny !Safe_ports'
2009/06/04 08:30:54.985| ACLList::matches: checking !Safe_ports
2009/06/04 08:30:54.985| ACL::checklistMatches: checking 'Safe_ports'
2009/06/04 08:30:54.985| ACL::ChecklistMatches: result for 'Safe_ports' is 1
2009/06/04 08:30:54.986| ACLList::matches: result is false
2009/06/04 08:30:54.986| aclmatchAclList: 0x8931178 returning false (AND list entry failed to match)
2009/06/04 08:30:54.986| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:30:54.986| ACLChecklist::preCheck: 0x8931178 checking 'http_access deny CONNECT !SSL_ports'
2009/06/04 08:30:54.986| ACLList::matches: checking CONNECT
2009/06/04 08:30:54.986| ACL::checklistMatches: checking 'CONNECT'
2009/06/04 08:30:54.986| ACL::ChecklistMatches: result for 'CONNECT' is 0
2009/06/04 08:30:54.986| ACLList::matches: result is false
2009/06/04 08:30:54.986| aclmatchAclList: 0x8931178 returning false (AND list entry failed to match)
2009/06/04 08:30:54.986| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:30:54.986| ACLChecklist::preCheck: 0x8931178 checking 'http_access deny !auth'
2009/06/04 08:30:54.986| ACLList::matches: checking !auth
2009/06/04 08:30:54.986| ACL::checklistMatches: checking 'auth'
2009/06/04 08:30:54.986| aclMatchAcl: returning 0 sending authentication challenge.
2009/06/04 08:30:54.986| ACL::ChecklistMatches: result for 'auth' is 0
2009/06/04 08:30:54.986| ACLList::matches: result is true
2009/06/04 08:30:54.986| aclmatchAclList: 0x8931178 returning false (AND list entry failed to match)
2009/06/04 08:30:54.986| ACLChecklist::checkForAsync: requiring Proxy Auth header.
2009/06/04 08:30:54.986| ACLChecklist::markFinished: 0x8931178 checklist processing finished
2009/06/04 08:30:54.986| aclmatchAclList: async=1 nodeMatched=1 async_in_progress=0 lastACLResult() = 1 finished() = 1
2009/06/04 08:30:54.986| ACLChecklist::check: 0x8931178 match found, calling back with 2
2009/06/04 08:30:54.986| ACLChecklist::checkCallback: 0x8931178 answer=2
2009/06/04 08:30:54.986| aclGetDenyInfoPage: got called for auth
2009/06/04 08:30:54.986| aclGetDenyInfoPage: no match
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.986| aclCheckFast: list: 0
2009/06/04 08:30:54.986| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.986| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.987| aclCheckFast: list: 0
2009/06/04 08:30:54.987| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.987| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.987| aclCheckFast: list: 0
2009/06/04 08:30:54.987| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.987| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.987| aclCheckFast: list: 0
2009/06/04 08:30:54.987| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.987| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.987| aclCheckFast: list: 0
2009/06/04 08:30:54.987| aclCheckFast: no matches, returning: 1
2009/06/04 08:30:54.987| ACLChecklist::~ACLChecklist: destroyed 0x893120c
2009/06/04 08:30:54.987| ACLChecklist::~ACLChecklist: destroyed 0x8931178
2009/06/04 08:30:54.987| ACLChecklist::~ACLChecklist: destroyed 0x8931178

2. only debug_options are enabled (no -d to squid_kerb_auth)

2009/06/04 08:35:34.444| aclCheckFast: list: 0x9de4f40
2009/06/04 08:35:34.444| ACLChecklist::preCheck: 0xbf9b9ca4 checking 'ident_lookup_access deny all'
2009/06/04 08:35:34.444| ACLList::matches: checking all
2009/06/04 08:35:34.444| ACL::checklistMatches: checking 'all'
2009/06/04 08:35:34.444| aclMatchIp: '192.168.4.222' found
2009/06/04 08:35:34.444| ACL::ChecklistMatches: result for 'all' is 1
2009/06/04 08:35:34.444| ACLList::matches: result is true
2009/06/04 08:35:34.444| aclmatchAclList: 0xbf9b9ca4 returning true (AND list satisfied)
2009/06/04 08:35:34.444| ACLChecklist::markFinished: 0xbf9b9ca4 checklist processing finished
2009/06/04 08:35:34.444| ACLChecklist::~ACLChecklist: destroyed 0xbf9b9ca4
2009/06/04 08:35:34.444| ACLChecklist::preCheck: 0xa0ed148 checking 'http_access allow manager localhost'
2009/06/04 08:35:34.444| ACLList::matches: checking manager
2009/06/04 08:35:34.444| ACL::checklistMatches: checking 'manager'
2009/06/04 08:35:34.444| ACL::ChecklistMatches: result for 'manager' is 0
2009/06/04 08:35:34.444| ACLList::matches: result is false
2009/06/04 08:35:34.444| aclmatchAclList: 0xa0ed148 returning false (AND list entry failed to match)
2009/06/04 08:35:34.444| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:35:34.444| ACLChecklist::preCheck: 0xa0ed148 checking 'http_access deny manager'
2009/06/04 08:35:34.444| ACLList::matches: checking manager
2009/06/04 08:35:34.444| ACL::checklistMatches: checking 'manager'
2009/06/04 08:35:34.444| ACL::ChecklistMatches: result for 'manager' is 0
2009/06/04 08:35:34.444| ACLList::matches: result is false
2009/06/04 08:35:34.444| aclmatchAclList: 0xa0ed148 returning false (AND list entry failed to match)
2009/06/04 08:35:34.444| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:35:34.444| ACLChecklist::preCheck: 0xa0ed148 checking 'http_access deny !Safe_ports'
2009/06/04 08:35:34.444| ACLList::matches: checking !Safe_ports
2009/06/04 08:35:34.444| ACL::checklistMatches: checking 'Safe_ports'
2009/06/04 08:35:34.444| ACL::ChecklistMatches: result for 'Safe_ports' is 1
2009/06/04 08:35:34.444| ACLList::matches: result is false
2009/06/04 08:35:34.444| aclmatchAclList: 0xa0ed148 returning false (AND list entry failed to match)
2009/06/04 08:35:34.444| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:35:34.444| ACLChecklist::preCheck: 0xa0ed148 checking 'http_access deny CONNECT !SSL_ports'
2009/06/04 08:35:34.444| ACLList::matches: checking CONNECT
2009/06/04 08:35:34.444| ACL::checklistMatches: checking 'CONNECT'
2009/06/04 08:35:34.444| ACL::ChecklistMatches: result for 'CONNECT' is 0
2009/06/04 08:35:34.444| ACLList::matches: result is false
2009/06/04 08:35:34.444| aclmatchAclList: 0xa0ed148 returning false (AND list entry failed to match)
2009/06/04 08:35:34.444| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/06/04 08:35:34.445| ACLChecklist::preCheck: 0xa0ed148 checking 'http_access deny !auth'
2009/06/04 08:35:34.445| ACLList::matches: checking !auth
2009/06/04 08:35:34.445| ACL::checklistMatches: checking 'auth'
2009/06/04 08:35:34.445| aclMatchAcl: returning 0 sending authentication challenge.
2009/06/04 08:35:34.445| ACL::ChecklistMatches: result for 'auth' is 0
2009/06/04 08:35:34.445| ACLList::matches: result is true
2009/06/04 08:35:34.445| aclmatchAclList: 0xa0ed148 returning false (AND list entry failed to match)
2009/06/04 08:35:34.445| ACLChecklist::checkForAsync: requiring Proxy Auth header.
2009/06/04 08:35:34.445| ACLChecklist::markFinished: 0xa0ed148 checklist processing finished
2009/06/04 08:35:34.445| aclmatchAclList: async=1 nodeMatched=1 async_in_progress=0 lastACLResult() = 1 finished() = 1
2009/06/04 08:35:34.445| ACLChecklist::check: 0xa0ed148 match found, calling back with 2
2009/06/04 08:35:34.445| ACLChecklist::checkCallback: 0xa0ed148 answer=2
2009/06/04 08:35:34.445| aclGetDenyInfoPage: got called for auth
2009/06/04 08:35:34.445| aclGetDenyInfoPage: no match
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.445| aclCheckFast: list: 0
2009/06/04 08:35:34.445| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.445| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.446| aclCheckFast: list: 0
2009/06/04 08:35:34.446| aclCheckFast: no matches, returning: 1
2009/06/04 08:35:34.446| ACLChecklist::~ACLChecklist: destroyed 0xa0ed1dc
2009/06/04 08:35:34.446| ACLChecklist::~ACLChecklist: destroyed 0xa0ed148
2009/06/04 08:35:34.446| ACLChecklist::~ACLChecklist: destroyed 0xa0ed148

3. only squid_kerb_auth -d was enabled (debug_option was disabled)

there was not any output in the cache.log

-

--
---
Always try to find truth!!!
      
Received on Thu Jun 04 2009 - 08:40:39 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 05 2009 - 12:00:02 MDT