[squid-users] squid_kerb_ldap - Could not set LDAP_OPT_X_SASL_SECPROPS

From: Подшивалов Антон <support_at_murmansk-tisiz.ru>
Date: Fri, 23 Nov 2012 16:34:46 +0400

Hello!
I use:
proxy# uname -a
FreeBSD proxy.m-tisiz.local 8.3-RELEASE-p1 FreeBSD 8.3-RELEASE-p1 #0:
Wed May 23 22:56:59 MSK 2012
ant_at_freebsd.m-tisiz.local:/usr/obj/usr/src/sys/AnteC_kernel i386

I am trying to authenticate Squid users against Active Directory, but I get an
error when using the squid_kerb_ldap external helper:

proxy# /usr/local/libexec/squid/squid_kerb_ldap -d -D M-TISIZ.LOCAL -g
inet_users@
2012/11/23 16:04:20| squid_kerb_ldap: Starting version 1.2.2
2012/11/23 16:04:20| squid_kerb_ldap: Group list inet_users@
2012/11/23 16:04:20| squid_kerb_ldap: Group inet_users Domain
2012/11/23 16:04:20| squid_kerb_ldap: Netbios list NULL
2012/11/23 16:04:20| squid_kerb_ldap: No netbios names defined.
2012/11/23 16:04:20| squid_kerb_ldap: ldap server list NULL
2012/11/23 16:04:20| squid_kerb_ldap: No ldap servers defined.
antec
2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec set default
domain: M-TISIZ.LOCAL
2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec Domain:
M-TISIZ.LOCAL
2012/11/23 16:04:23| squid_kerb_ldap: User domain loop: group_at_domain
inet_users@
2012/11/23 16:04:23| squid_kerb_ldap: Default domain loop: group_at_domain
inet_users@
2012/11/23 16:04:23| squid_kerb_ldap: Found group_at_domain inet_users@
2012/11/23 16:04:23| squid_kerb_ldap: Setup Kerberos credential cache
2012/11/23 16:04:23| squid_kerb_ldap: Get default keytab file name
2012/11/23 16:04:23| squid_kerb_ldap: Got default keytab file name
/usr/local/etc/HTTP.keytab
2012/11/23 16:04:23| squid_kerb_ldap: Get principal name from keytab
/usr/local/etc/HTTP.keytab
2012/11/23 16:04:23| squid_kerb_ldap: Keytab entry has realm name:
M-TISIZ.LOCAL
2012/11/23 16:04:23| squid_kerb_ldap: Found principal name:
HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
2012/11/23 16:04:23| squid_kerb_ldap: Set credential cache to
MEMORY:squid_ldap_16670
2012/11/23 16:04:23| squid_kerb_ldap: Got principal name
HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
2012/11/23 16:04:23| squid_kerb_ldap: Stored credentials
2012/11/23 16:04:23| squid_kerb_ldap: Initialise ldap connection
2012/11/23 16:04:23| squid_kerb_ldap: Canonicalise ldap server name for
domain M-TISIZ.LOCAL
2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
_ldap._tcp.M-TISIZ.LOCAL record to altair.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
_ldap._tcp.M-TISIZ.LOCAL record to pollux.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 1 of
M-TISIZ.LOCAL to altair.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 2 of
M-TISIZ.LOCAL to pollux.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 3 of
M-TISIZ.LOCAL to altair.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 4 of
M-TISIZ.LOCAL to pollux.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 5 of
M-TISIZ.LOCAL to altair.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 6 of
M-TISIZ.LOCAL to pollux.m-tisiz.local
2012/11/23 16:04:23| squid_kerb_ldap: Adding M-TISIZ.LOCAL to list
2012/11/23 16:04:23| squid_kerb_ldap: Sorted ldap server names for
domain M-TISIZ.LOCAL:
2012/11/23 16:04:23| squid_kerb_ldap: Host: pollux.m-tisiz.local Port:
389 Priority: 0 Weight: 100
2012/11/23 16:04:23| squid_kerb_ldap: Host: altair.m-tisiz.local Port:
389 Priority: 0 Weight: 100
2012/11/23 16:04:23| squid_kerb_ldap: Host: M-TISIZ.LOCAL Port: -1
Priority: -2 Weight: -2
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
server pollux.m-tisiz.local:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
SASL/GSSAPI
2012/11/23 16:04:23| squid_kerb_ldap: Could not set
LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
server altair.m-tisiz.local:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
SASL/GSSAPI
2012/11/23 16:04:23| squid_kerb_ldap: Could not set
LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
server M-TISIZ.LOCAL:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
SASL/GSSAPI
2012/11/23 16:04:23| squid_kerb_ldap: Could not set
LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of
ldap connection: No such file or directory
2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of
ldap connection: No such file or directory
2012/11/23 16:04:23| squid_kerb_ldap: User antec is not member of
group_at_domain inet_users@
2012/11/23 16:04:23| squid_kerb_ldap: Default group loop: group_at_domain
inet_users@
ERR

I tried many other options for squid_kerb_ldap but had no luck.
Squid with this helper also cannot authenticate users, with the same
error.
Please help me solve this error.

Best regards, AnteC.
Received on Fri Nov 23 2012 - 12:34:53 MST
