Re: [squid-users] Re: Linux using kerberos works but squid won't

From: Mrvka Andreas <mrv_at_tuv.at>
Date: Tue, 25 Aug 2009 10:41:42 +0200

Hi Markus,

yes I set it up as you described.

Andrew

On Monday, 24 August 2009 21:53:49 Markus Moeller wrote:
> Did you set the environment variable KRB5_KTNAME to your HTTP.keytab
> location? Otherwise the default /etc/krb5.keytab will be used.
>
> Markus
>
> "Mrvka Andreas" <mrv_at_tuv.at> wrote in message
> news:200908241355.23393.mrv_at_tuv.at...
>
> > Hi list,
> >
> > I want to use this brilliant software squid, but do you know what I am
> > missing?
> >
> > I have working AD authentication on my SLES11 system
> > - kinit -k -t HTTP.keytab HTTP/squid.fqdn.com works
> > - login via ssh works with pam_krb5
> > - joining to my domain also worked as a charm
> >
> > At this stage I believe, I've set up krb5.conf correctly.
> >
> > So I compiled Squid 3.1.0.13.
> > configure options:
> > '--prefix=/usr/local/squid-3.1'
> > '--enable-auth=basic,ntlm,negotiate'
> > '--enable-basic-auth-helpers=SMB getpwnam multi-domain-NTLM'
> > '--enable-ntlm-auth-helpers=smb_lm no_check'
> > '--enable-negotiate-auth-helpers=squid_kerb_auth'
> > --with-squid=/install/squid-3.1.0.13
> > --enable-ltdl-convenience
> >
> > Next I inserted these lines into squid.conf
> > auth_param negotiate program squid_kerb_auth -d 99 -s HTTP/squid.fqdn.com
> > auth_param negotiate children 15
> > auth_param negotiate keep_alive on
> >
> >
> > Starting squid again worked fine, so I didn't get any error at boot time,
> > and -- ps -ef -- shows me
> >
> > squid 28944 27915 0 12:51 pts/0 00:00:00 ./squid -N -d 20 -f
> > ../etc/squid.conf
> > squid 28945 28944 0 12:51 ? 00:00:00 (squid_kerb_auth) -d 99
> > -s HTTP/squid.fqdn.com
> > squid 28946 28944 0 12:51 ? 00:00:00 (squid_kerb_auth) -d 99
> > -s HTTP/squid.fqdn.com
> >
> >
> >
> > On my Windows PC I configured the proxy using manual settings to the FQDN of
> > squid.
> >
> > The result is - in cache.log I find
> > 2009/08/24 12:58:13| squid_kerb_auth: Got 'YR YIIFzAYGKwYBBQUCoIIFwDCCBby
> > ...
> > [...]
> > from squid (length: 1987).
> > 2009/08/24 12:58:13| squid_kerb_auth: Decode 'YIIFzAYGKwYBBQ [...]
> > (decoded length: 1488)
> > 2009/08/24 13:21:19| squid_kerb_auth: gss_accept_sec_context() failed:
> > Unspecified GSS failure. Minor code may provide more information. Key
> > table
> > entry not found
> > 2009/08/24 13:21:19| authenticateNegotiateHandleReply: Error validating
> > user
> > via Negotiate. Error returned 'BH gss_accept_sec_context() failed:
> > Unspecified
> > GSS failure. Minor code may provide more information. Key table entry
> > not found'
> >
> > I created my HTTP.keytab as it was described somewhere.
> > Logged on to the Windows DC, used ktpass and mapped the service principal to a
> > Windows user. After that I copied this file to the Linux squid server.
> >
> >
> > I also tried to configure in squid.conf to use squid_kerb_auth -s
> > HTTP/squid.fqdn.com_at_REALM
> >
> > But this didn't work either.
> >
> > I think there is something small missing but I can't figure it out.
> >
> > Please can anybody help me?
> > I hope my detailed explanation will help others too to configure their
> > systems.
> >
> > With best regards
> > Andrew
>
Received on Tue Aug 25 2009 - 08:41:54 MDT
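The "Key table entry not found" error in the thread means gss_accept_sec_context() opened a keytab (the one named by KRB5_KTNAME, or /etc/krb5.keytab when that variable is unset) and found no entry whose principal matches the service name squid_kerb_auth was given. The two checks an administrator wants are therefore: which keytab file the library will actually open, and which principals (with their kvno and enctype) that file holds. The following is an added example for this thread, not code from squid or squid_kerb_auth: a small parser for the MIT/Heimdal keytab file format (version 0x0502) that lists the principals without exposing key material, plus the KRB5_KTNAME resolution rule. The realm EXAMPLE.COM, the key bytes and the timestamp in the sample keytab are constructed placeholders; the page itself never names the realm.

```python
"""List the principals in an MIT/Heimdal keytab (format 0x0502) and check
that the service principal squid_kerb_auth -s names is really present.

Added example, not squid project code.  Sample keytab bytes are built
in-line; realm, keys and timestamp are placeholders."""
import os
import struct
from dataclasses import dataclass

KEYTAB_VERSION = b"\x05\x02"          # MIT keytab file format, version 2
KRB5_NT_PRINCIPAL = 1
DEFAULT_KEYTAB = "/etc/krb5.keytab"   # libkrb5 default when KRB5_KTNAME is unset


@dataclass
class KeytabEntry:
    principal: str
    kvno: int
    enctype: int    # 23 = arcfour-hmac (what ktpass emitted then), 18 = aes256-cts
    key_len: int    # key length only; the key itself is never kept or printed
    timestamp: int


def resolve_keytab_path(env):
    """Same rule libkrb5 applies: KRB5_KTNAME, optionally prefixed 'FILE:',
    else the compiled-in default.  This is the point Markus raised."""
    name = env.get("KRB5_KTNAME", DEFAULT_KEYTAB)
    return name[5:] if name.upper().startswith("FILE:") else name


def _counted(buf, pos):
    """Read a 16-bit big-endian length-prefixed octet string."""
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n], pos + n


def parse_keytab(data):
    """Walk every record and return the principals the keytab contains."""
    if data[:2] != KEYTAB_VERSION:
        raise ValueError("unsupported keytab version %r" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                  # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)   # v2: realm not counted
        pos += 2
        realm, pos = _counted(data, pos)
        comps = []
        for _ in range(ncomp):
            c, pos = _counted(data, pos)
            comps.append(c.decode())
        _name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        enctype, klen = struct.unpack_from(">HH", data, pos)
        pos += 4 + klen               # skip over the key bytes
        kvno = vno8
        if end - pos >= 4:            # optional 32-bit kvno overrides the 8-bit one
            (vno32,) = struct.unpack_from(">I", data, pos)
            kvno = vno32 or kvno
        pos = end
        entries.append(KeytabEntry("/".join(comps) + "@" + realm.decode(),
                                   kvno, enctype, klen, timestamp))
    return entries


def check_service_principal(data, service_principal):
    """Entries matching exactly (Kerberos names are case-sensitive).  An empty
    list is what GSSAPI reports as 'Key table entry not found'."""
    return [e for e in parse_keytab(data) if e.principal == service_principal]


def build_keytab(entries):
    """Constructed keytab for the demo, in the layout parse_keytab reads."""
    out = bytearray(KEYTAB_VERSION)
    for principal, kvno, enctype, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = bytearray(struct.pack(">H", len(comps)))
        body += struct.pack(">H", len(realm)) + realm.encode()
        for c in comps:
            body += struct.pack(">H", len(c)) + c.encode()
        body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, 1251116293, kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


# Constructed sample: an RC4 entry for HTTP/ (as ktpass would make) and a host/ entry.
SAMPLE_KEYTAB = build_keytab([
    ("HTTP/squid.fqdn.com@EXAMPLE.COM", 3, 23, b"\x11" * 16),
    ("host/squid.fqdn.com@EXAMPLE.COM", 3, 18, b"\x22" * 32),
])

if __name__ == "__main__":
    print("keytab libkrb5 will open:", resolve_keytab_path(os.environ))
    for e in parse_keytab(SAMPLE_KEYTAB):
        print(f"{e.principal}  kvno={e.kvno}  enctype={e.enctype}")
    wanted = "HTTP/squid.fqdn.com@EXAMPLE.COM"
    print(wanted, "present:", bool(check_service_principal(SAMPLE_KEYTAB, wanted)))
```

Run against a real file with `parse_keytab(open(resolve_keytab_path(os.environ), "rb").read())`; if the HTTP/ principal for the proxy's FQDN is missing, or present only under a different case or realm, the keytab was generated for the wrong name and the GSS error is expected. The same listing is what `klist -kt` prints, but parsing the file directly shows the 32-bit kvno that ktpass-generated keytabs carry, which must match the kvno the DC currently holds for the mapped account.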
