[squid-users] Re: squid_kerb_ldap - Could not set LDAP_OPT_X_SASL_SECPROPS

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sat, 24 Nov 2012 12:31:27 -0000

Hi

I assume you use OpenLDAP on your FreeBSD build. Can you try from the
command line:

# kinit -kt /usr/local/etc/HTTP.keytab HTTP/proxy.m-tisiz.local@M-TISIZ.LOCAL
# ldapsearch -d 999 -H ldap://pollux.m-tisiz.local:389 -Y GSSAPI -O "maxssf=56" -b dc=M-TISIZ,dc=LOCAL -s sub "(samaccountname=antec)"

and send me the output?

Regards
Markus

"Подшивалов Антон" <support_at_murmansk-tisiz.ru> wrote in message
news:95378ca7accc17ee30ecf07a71c9b6b2_at_murmansk-tisiz.ru...
> Hello!
> I use:
> proxy# uname -a
> FreeBSD proxy.m-tisiz.local 8.3-RELEASE-p1 FreeBSD 8.3-RELEASE-p1 #0: Wed
> May 23 22:56:59 MSK 2012
> ant_at_freebsd.m-tisiz.local:/usr/obj/usr/src/sys/AnteC_kernel i386
>
> I am trying to authenticate a squid user via Active Directory, but I get an error
> when using the squid_kerb_ldap external helper:
>
> proxy# /usr/local/libexec/squid/squid_kerb_ldap -d -D M-TISIZ.LOCAL -g inet_users@
> 2012/11/23 16:04:20| squid_kerb_ldap: Starting version 1.2.2
> 2012/11/23 16:04:20| squid_kerb_ldap: Group list inet_users@
> 2012/11/23 16:04:20| squid_kerb_ldap: Group inet_users Domain
> 2012/11/23 16:04:20| squid_kerb_ldap: Netbios list NULL
> 2012/11/23 16:04:20| squid_kerb_ldap: No netbios names defined.
> 2012/11/23 16:04:20| squid_kerb_ldap: ldap server list NULL
> 2012/11/23 16:04:20| squid_kerb_ldap: No ldap servers defined.
> antec
> 2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec set default domain:
> M-TISIZ.LOCAL
> 2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec Domain:
> M-TISIZ.LOCAL
> 2012/11/23 16:04:23| squid_kerb_ldap: User domain loop: group_at_domain
> inet_users@
> 2012/11/23 16:04:23| squid_kerb_ldap: Default domain loop: group_at_domain
> inet_users@
> 2012/11/23 16:04:23| squid_kerb_ldap: Found group_at_domain inet_users@
> 2012/11/23 16:04:23| squid_kerb_ldap: Setup Kerberos credential cache
> 2012/11/23 16:04:23| squid_kerb_ldap: Get default keytab file name
> 2012/11/23 16:04:23| squid_kerb_ldap: Got default keytab file name
> /usr/local/etc/HTTP.keytab
> 2012/11/23 16:04:23| squid_kerb_ldap: Get principal name from keytab
> /usr/local/etc/HTTP.keytab
> 2012/11/23 16:04:23| squid_kerb_ldap: Keytab entry has realm name:
> M-TISIZ.LOCAL
> 2012/11/23 16:04:23| squid_kerb_ldap: Found principal name:
> HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
> 2012/11/23 16:04:23| squid_kerb_ldap: Set credential cache to
> MEMORY:squid_ldap_16670
> 2012/11/23 16:04:23| squid_kerb_ldap: Got principal name
> HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
> 2012/11/23 16:04:23| squid_kerb_ldap: Stored credentials
> 2012/11/23 16:04:23| squid_kerb_ldap: Initialise ldap connection
> 2012/11/23 16:04:23| squid_kerb_ldap: Canonicalise ldap server name for
> domain M-TISIZ.LOCAL
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
> _ldap._tcp.M-TISIZ.LOCAL record to altair.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
> _ldap._tcp.M-TISIZ.LOCAL record to pollux.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 1 of M-TISIZ.LOCAL
> to altair.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 2 of M-TISIZ.LOCAL
> to pollux.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 3 of M-TISIZ.LOCAL
> to altair.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 4 of M-TISIZ.LOCAL
> to pollux.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 5 of M-TISIZ.LOCAL
> to altair.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 6 of M-TISIZ.LOCAL
> to pollux.m-tisiz.local
> 2012/11/23 16:04:23| squid_kerb_ldap: Adding M-TISIZ.LOCAL to list
> 2012/11/23 16:04:23| squid_kerb_ldap: Sorted ldap server names for domain
> M-TISIZ.LOCAL:
> 2012/11/23 16:04:23| squid_kerb_ldap: Host: pollux.m-tisiz.local Port: 389
> Priority: 0 Weight: 100
> 2012/11/23 16:04:23| squid_kerb_ldap: Host: altair.m-tisiz.local Port: 389
> Priority: 0 Weight: 100
> 2012/11/23 16:04:23| squid_kerb_ldap: Host: M-TISIZ.LOCAL Port: -1
> Priority: -2 Weight: -2
> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server
> pollux.m-tisiz.local:389
> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap server
> with SASL/GSSAPI: Can't contact LDAP server
> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server
> altair.m-tisiz.local:389
> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap server
> with SASL/GSSAPI: Can't contact LDAP server
> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server
> M-TISIZ.LOCAL:389
> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap server
> with SASL/GSSAPI: Can't contact LDAP server
> 2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of ldap
> connection: No such file or directory
> 2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of ldap
> connection: No such file or directory
> 2012/11/23 16:04:23| squid_kerb_ldap: User antec is not member of
> group_at_domain inet_users@
> 2012/11/23 16:04:23| squid_kerb_ldap: Default group loop: group_at_domain
> inet_users@
> ERR
>
> I tried many other options for squid_kerb_ldap but had no luck.
> Squid with this helper also cannot authenticate users, with the same error.
> Please help solve this error.
>
> Best regards, AnteC.
>
Received on Sat Nov 24 2012 - 12:31:51 MST
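
Added example, not part of the original messages: a small Python parser for the helper's -d debug output quoted above. It rejoins mail-wrapped lines and reports, per LDAP server, whether an error was logged at the LDAP_OPT_X_SASL_SECPROPS step, at the SASL/GSSAPI bind step, or both. The function names and the sample log are constructed for illustration; the line formats are those of the quoted log.

```python
import re

# Constructed sample in the format of the quoted log, including the
# continuation lines produced by mail wrapping. The second server has no
# error lines, to show the contrast.
SAMPLE = """\
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server
pollux.m-tisiz.local:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2012/11/23 16:04:23| squid_kerb_ldap: Could not set
LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server
altair.m-tisiz.local:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
"""

# A record starts with a timestamp; an optional "> " quote prefix is allowed.
RECORD = re.compile(r"^(?:>\s?)?\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\| squid_kerb_ldap: (.*)$")

def records(text):
    """Rejoin wrapped lines into one message per timestamped record."""
    out = []
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            out.append(m.group(1).strip())
        elif out and raw.strip(" >"):   # continuation of the previous record
            out[-1] += " " + raw.lstrip("> ").strip()
    return out

def bind_failures(text):
    """Map each 'host:port' to the stages that logged an error."""
    result, current = {}, None
    for msg in records(text):
        m = re.match(r"Setting up connection to ldap server (\S+)", msg)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        if current is None:
            continue
        m = re.match(r"Could not set LDAP_OPT_X_SASL_SECPROPS: (\S+): (.+)", msg)
        if m:
            result[current]["secprops"] = (m.group(1), m.group(2))
        m = re.match(r"Error while binding to ldap server with SASL/GSSAPI: (.+)", msg)
        if m:
            result[current]["bind"] = m.group(1)
    return result
```

Lines that are not helper log records, such as the username typed on stdin or the final ERR, are appended to the preceding record and do not affect the per-server result.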
