[squid-users] Re: Re: Problem with SQUID_KERB_LDAP

"DmitrySh" <sbros_v_at_inbox.lv> wrote in message
news:1288100124027-3013710.post_at_n4.nabble.com...
>
> Hi all again.
>
> I think we can close this threat couse i localize the problem.
> It's the same problem as in this threat -
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-using-squid-kerb-auth-with-Internet-Explorer-8-on-Windows-Server-2008-R2-td3013070.html#a3013070
>
> I check all on Windows XP with IE7 client machine and all works fine even
> with squid_kerb_ldap helper
>
> By the words, squid_kerb_ldap helper didn't start untill i give him -i key
> on the end of string

The -i is not required. What do you get when you execute it as follows:

export KRB5_KTNAME=<path to keytab>
/usr/local/squid/libexec/squid_kerb_ldap -g UserGroup_at_domain.com
user_at_domain.com

You should just get a reply OK .e.g.

markus_at_opensuse11:~/mysources/squid_kerb_ldap> export
KRB5_KTNAME=./squid.keytab
markus_at_opensuse11:~/mysources/squid_kerb_ldap> /usr/sbin/squid_kerb_ldap -g
SOCKS_ALLOW_at_SUSE.HOME
markus_at_SUSE.HOME
OK

With -i you get informational messages and -d debug messages.

/usr/sbin/squid_kerb_ldap -d -g SOCKS_ALLOW_at_SUSE.HOME
2010/10/26 19:26:21| squid_kerb_ldap: Starting version 1.2.1a
2010/10/26 19:26:21| squid_kerb_ldap: Group list SOCKS_ALLOW_at_SUSE.HOME
2010/10/26 19:26:21| squid_kerb_ldap: Group SOCKS_ALLOW Domain SUSE.HOME
2010/10/26 19:26:21| squid_kerb_ldap: Netbios list NULL
2010/10/26 19:26:21| squid_kerb_ldap: No netbios names defined.

>
> external_acl_type SQUID_KERB_LDAP ttl=3600 negative_ttl=3600 ipv4 %LOGIN
> /usr/local/squid/libexec/squid_kerb_ldap -g UserGroup_at_domain.com -i
>
> Maybe it will be usefull for someone else.
>
> --
> View this message in context:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Problem-with-SQUID-KERB-LDAP-tp1468788p3013710.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>

Regards
Markus
Received on Tue Oct 26 2010 - 18:27:01 MDT