[squid-users] Re: Re: Re: Re:Problem with SQUID_KERB_LDAP from Markus Moeller on 2010-02-09 (squid-users)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 9 Feb 2010 19:23:40 -0000

squid_kerb_auth is for transparent authentication ( no popop). Maybe you
want to use another authentication module. squid_kerb_ldap will still work
independant of squid_kerb_auth.

Markus

"Fruehauf" <r.fruehwacht_at_googlemail.com> wrote in message
news:4B713C27.8020106_at_googlemail.com...
> So far, i test it with IE8 and Firefox 3.5
>
> When i test it with IE6, no popup occurs and i get immediately the error
> message.
> Therefore i have this problem with all browsers .
>
> The best way would be, that always a popup appear, when i start a new
> browser session and the user have to authentication on the domain,
> cause, i have not only domain clients, i work with workgroup clients too.
> I thought, i take the right howto therefore. What have i to change,
> to get always the authentication screen?
>
> I now, that are 2 different problems, i hope, it's ok.
>
> Rainer
>
>
> Am 09.02.2010 00:14, schrieb Markus Moeller:
>> Ralf,
>>
>> The lines:
>>
>> 2010/02/08 20:59:08| squid_kerb_auth: received type 1 NTLM token
>>
>> mean that your browser is not using Kerberos authentication, why you get
>> the popup.
>>
>> Markus
>>
>> "Ralf Fruehauf" <r.fruehwacht_at_googlemail.com> wrote in message
>> news:4B706E39.9050805_at_googlemail.com...
>>> Am 05.02.2010 19:03, schrieb Markus Moeller:
>>>> If you have only a directory not an executable then you don't really
>>>> have squid_kerb_ldap installed.
>>>>
>>>> The script is a standalone script somewhere on your filesystem
>>>> accesible by the squid process.
>>>>
>>>> Markus
>>>>
>>>> "Ralf Fruehauf" <r.fruehwacht_at_googlemail.com> wrote in message
>>>> news:ff35590e1002050714q1bd0432bje929e968189242b2_at_mail.gmail.com...
>>>>> For my understanding:
>>>>>
>>>>> i take this script and put it into my /etc/init.d/squid start script?
>>>>>
>>>>> With strace, i thought, i need a executably file/program, but i have
>>>>> no squid_kerb_ldap file, only a directory!?
>>>>> Sorry, for this simple question.
>>>>>
>>>>> Rainer
>>>>>
>>>>
>>>>
>>> Ok, that was my mistake, i had a problem during the make command with
>>> squid_kerb_ldap, now,
>>> i have a squid_kerb_ldap file and squid successfully starts, that is
>>> some progress at least.
>>>
>>> Now, i have a problem with the authenticating. The registration box
>>> appears on the screen,
>>> but he don't accept my user/passwort entry. The user is located in the
>>> SQUID_USERS group
>>> in my Active Directory. After 4 until 5 attempts, i get a error - Cache
>>> Access Denied -
>>> "Sorry, you are not currently allowed to request http://www.google.de/
>>> from this cache until you have authenticated yourself."
>>> ______________________________________________________________________________________________
>>>
>>> access.log:
>>>
>>> 1265659148.810 2 192.168.100.130 TCP_DENIED/407 2462 GET
>>> http://www.google.de/ - NONE/- text/html
>>> 1265659148.856 1 192.168.100.130 TCP_DENIED/407 2565 GET
>>> http://www.google.de/ - NONE/- text/html
>>> 1265659158.206 1 192.168.100.130 TCP_DENIED/407 2565 GET
>>> http://www.google.de/ - NONE/- text/html
>>>
>>> ______________________________________________________________________________________________
>>>
>>> cache.log:
>>>
>>> 2010/02/08 20:38:35| Starting Squid Cache version 3.0.STABLE18 for
>>> i686-pc-linux-gnu...
>>> 2010/02/08 20:38:35| Process ID 2292
>>> 2010/02/08 20:38:35| With 1024 file descriptors available
>>> 2010/02/08 20:38:35| DNS Socket created at 0.0.0.0, port 46847, FD 7
>>> 2010/02/08 20:38:35| Adding domain homebase.local from /etc/resolv.conf
>>> 2010/02/08 20:38:35| Adding domain homebase.local from /etc/resolv.conf
>>> 2010/02/08 20:38:35| Adding nameserver 192.168.100.1 from
>>> /etc/resolv.conf
>>> 2010/02/08 20:38:35| Adding nameserver 192.168.100.254 from
>>> /etc/resolv.conf
>>> 2010/02/08 20:38:35| helperOpenServers: Starting 10/10 'squid_kerb_auth'
>>> processes
>>> 2010/02/08 20:38:36| helperOpenServers: Starting 5/5 'squid_kerb_ldap'
>>> processes
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
>>> 2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
>>> 2010/02/08 20:38:36| Unlinkd pipe opened on FD 27
>>> 2010/02/08 20:38:36| Swap maxSize 102400 + 8192 KB, estimated 8507
>>> objects
>>> 2010/02/08 20:38:36| Target number of buckets: 425
>>> 2010/02/08 20:38:36| Using 8192 Store buckets
>>> 2010/02/08 20:38:36| Max Mem size: 8192 KB
>>> 2010/02/08 20:38:36| Max Swap size: 102400 KB
>>> 2010/02/08 20:38:36| Version 1 of swap file with LFS support detected...
>>> 2010/02/08 20:38:36| Rebuilding storage in /var/cache/squid-3.0 (CLEAN)
>>> 2010/02/08 20:38:36| Using Least Load store dir selection
>>> 2010/02/08 20:38:36| chdir: /opt/squid-3.0/var/cache: (2) No such file
>>> or directory
>>> 2010/02/08 20:38:36| Current Directory is /
>>> 2010/02/08 20:38:36| Loaded Icons.
>>> 2010/02/08 20:38:36| Accepting HTTP connections at 0.0.0.0, port 3128,
>>> FD 29.
>>> 2010/02/08 20:38:36| Accepting ICP messages at 0.0.0.0, port 3130, FD
>>> 30.
>>> 2010/02/08 20:38:36| HTCP Disabled.
>>> 2010/02/08 20:38:36| Ready to serve requests.
>>> 2010/02/08 20:38:36| Done reading /var/cache/squid-3.0 swaplog (0
>>> entries)
>>> 2010/02/08 20:38:36| Finished rebuilding storage from disk.
>>> 2010/02/08 20:38:36| 0 Entries scanned
>>> 2010/02/08 20:38:36| 0 Invalid entries.
>>> 2010/02/08 20:38:36| 0 With invalid flags.
>>> 2010/02/08 20:38:36| 0 Objects loaded.
>>> 2010/02/08 20:38:36| 0 Objects expired.
>>> 2010/02/08 20:38:36| 0 Objects cancelled.
>>> 2010/02/08 20:38:36| 0 Duplicate URLs purged.
>>> 2010/02/08 20:38:36| 0 Swapfile clashes avoided.
>>> 2010/02/08 20:38:36| Took 0.07 seconds ( 0.00 objects/sec).
>>> 2010/02/08 20:38:36| Beginning Validation Procedure
>>> 2010/02/08 20:38:36| Completed Validation Procedure
>>> 2010/02/08 20:38:36| Validated 25 Entries
>>> 2010/02/08 20:38:36| store_swap_size = 0
>>> 2010/02/08 20:38:37| storeLateRelease: released 0 objects
>>> 2010/02/08 20:38:58| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:38:58| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:40:40| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:40:40| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:57:43| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:57:43| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:57:49| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:57:49| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:58:24| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:58:24| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:58:51| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:58:51| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:59:08| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:59:08| squid_kerb_auth: received type 1 NTLM token
>>> 2010/02/08 20:59:18| squid_kerb_auth: Got 'YR
>>> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid
>>> (length: 59).
>>> 2010/02/08 20:59:18| squid_kerb_auth: received type 1 NTLM token
>>> ______________________________________________________________________________________________
>>>
>>> store.log:
>>>
>>> 1265659148.810 RELEASE -1 FFFFFFFF 02BD860C9F7570381B44392E3E27E0D4 407
>>> 1265659148 0 -1 text/html 2094/2094 GET
>>> http://www.google.de/
>>> 1265659148.856 RELEASE -1 FFFFFFFF DF3324214B04A1A81662633DC3E4C78C 407
>>> 1265659148 0 -1 text/html 2197/2197 GET
>>> http://www.google.de/
>>> 1265659158.206 RELEASE -1 FFFFFFFF 3F2E3F4551C070C64EBEFEBB8AF6EECB 407
>>> 1265659158 0 -1 text/html 2197/2197 GET
>>> http://www.google.de/
>>>
>>> So, how can i localize this problem.
>>>
>>> Rainer
>>>
>>>
>>>
>>
>>
>
>
Received on Tue Feb 09 2010 - 19:25:23 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 10 2010 - 12:00:05 MST