[squid-users] Re: squid_kerb_group (again)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sun, 29 Dec 2013 12:59:41 -0000

Hi Eugene,

I set up a virtual machine with FreeBSD 10-RC3

$ uname -a
FreeBSD freebsd 10.0-RC3 FreeBSD 10.0-RC3 #0 r259778: Mon Dec 23 23:27:58
UTC 2013 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

the attached packages and compiled squid trunk.

Although squid does not fully compile (SQUID_BSDNET_INCLUDES needs to
change include order) and fails in the base code with

In file included from AsyncCall.cc:2:
In file included from ./AsyncCall.h:6:
In file included from ./RefCount.h:40:
In file included from /usr/include/c++/v1/iostream:38:
In file included from /usr/include/c++/v1/ios:216:
In file included from /usr/include/c++/v1/__locale:15:
In file included from /usr/include/c++/v1/string:432:
/usr/include/c++/v1/cstdio:139:9: error: no member named
'ERROR_sprintf_UNSAFE_IN_SQUID' in the global
      namespace
using ::sprintf;
      ~~^
../../compat/unsafe.h:10:17: note: expanded from macro 'sprintf'
#define sprintf ERROR_sprintf_UNSAFE_IN_SQUID
                ^

the helpers compile fine and when I run ext_kerberos_ldap_group_acl it
works with the MEMORY cache.

$ ./ext_kerberos_ldap_group_acl -d -g SQUID_ALLOW
kerberos_ldap_group.cc(275): pid=60129 :2013/12/29 12:49:36|
kerberos_ldap_group: INFO: Starting version 1.3.1sq
support_group.cc(374): pid=60129 :2013/12/29 12:49:36| kerberos_ldap_group:
INFO: Group list SQUID_ALLOW
support_group.cc(439): pid=60129 :2013/12/29 12:49:36| kerberos_ldap_group:
INFO: Group SQUID_ALLOW Domain NULL
support_netbios.cc(75): pid=60129 :2013/12/29 12:49:36| kerberos_ldap_group:
DEBUG: Netbios list NULL
support_netbios.cc(79): pid=60129 :2013/12/29 12:49:36| kerberos_ldap_group:
DEBUG: No netbios names defined.
support_lserver.cc(74): pid=60129 :2013/12/29 12:49:36| kerberos_ldap_group:
DEBUG: ldap server list NULL
support_lserver.cc(78): pid=60129 :2013/12/29 12:49:36| kerberos_ldap_group:
DEBUG: No ldap servers defined.
mm@WIN2003R2.HOME
kerberos_ldap_group.cc(372): pid=60129 :2013/12/29 12:49:41|
kerberos_ldap_group: INFO: Got User: mm Domain: WIN2003R2.HOME
support_member.cc(55): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: User domain loop: group@domain SQUID_ALLOW@NULL
support_member.cc(83): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Default domain loop: group@domain SQUID_ALLOW@NULL
support_member.cc(111): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Default group loop: group@domain SQUID_ALLOW@NULL
support_member.cc(113): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Found group@domain SQUID_ALLOW@NULL
support_ldap.cc(801): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Setup Kerberos credential cache
support_krb5.cc(90): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Get default keytab file name
support_krb5.cc(96): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Got default keytab file name ./squid.keytab
support_krb5.cc(110): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Get principal name from keytab ./squid.keytab
support_krb5.cc(119): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Keytab entry has realm name: WIN2003R2.HOME
support_krb5.cc(133): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Found principal name: HTTP/opensuse12.suse.home@WIN2003R2.HOME
support_krb5.cc(174): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Set credential cache to MEMORY:squid_ldap_60129
support_krb5.cc(270): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Got principal name HTTP/opensuse12.suse.home@WIN2003R2.HOME
support_krb5.cc(313): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Stored credentials
support_ldap.cc(830): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Initialise ldap connection
support_ldap.cc(836): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Canonicalise ldap server name for domain WIN2003R2.HOME
support_resolv.cc(373): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Resolved SRV _ldap._tcp.WIN2003R2.HOME record to
w2k3r2.win2003r2.home
support_resolv.cc(201): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Resolved address 1 of WIN2003R2.HOME to w2k3r2.win2003r2.home
support_resolv.cc(201): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Resolved address 2 of WIN2003R2.HOME to w2k3r2.win2003r2.home
support_resolv.cc(201): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Resolved address 3 of WIN2003R2.HOME to w2k3r2.win2003r2.home
support_resolv.cc(401): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Adding WIN2003R2.HOME to list
support_resolv.cc(437): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Sorted ldap server names for domain WIN2003R2.HOME:
support_resolv.cc(439): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Host: w2k3r2.win2003r2.home Port: 389 Priority: 0 Weight: 0
support_resolv.cc(439): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Host: WIN2003R2.HOME Port: -1 Priority: -2 Weight: -2
support_ldap.cc(845): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Setting up connection to ldap server w2k3r2.win2003r2.home:389
support_ldap.cc(856): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Bind to ldap server with SASL/GSSAPI
support_ldap.cc(870): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Successfully initialised connection to ldap server
w2k3r2.win2003r2.home:389
support_ldap.cc(299): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Search ldap server with bind path "" and filter: (objectclass=*)
support_ldap.cc(569): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Search ldap entries for attribute : schemaNamingContext
support_ldap.cc(615): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: 1 ldap entry found with attribute : schemaNamingContext
support_ldap.cc(308): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Search ldap server with bind path
CN=Schema,CN=Configuration,DC=win2003r2,DC=home and filter:
(ldapdisplayname=samaccountname)
support_ldap.cc(311): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Found 1 ldap entry
support_ldap.cc(316): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Determined ldap server as an Active Directory server
support_ldap.cc(978): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Search ldap server with bind path dc=WIN2003R2,dc=HOME and filter :
(samaccountname=mm)
support_ldap.cc(991): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Found 1 ldap entry
support_ldap.cc(569): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Search ldap entries for attribute : memberof
support_ldap.cc(615): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: 2 ldap entries found with attribute : memberof
support_ldap.cc(1018): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Entry 1 "SQUID_ALLOW" in hex UTF-8 is 53515549445f414c4c4f57
support_ldap.cc(1026): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Entry 1 "SQUID_ALLOW" matches group name "SQUID_ALLOW"
support_ldap.cc(1018): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Entry 2 "Win2003R2Users" in hex UTF-8 is 57696e3230303352325573657273
support_ldap.cc(1030): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Entry 2 "Win2003R2Users" does not match group name "SQUID_ALLOW"
support_ldap.cc(1172): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
DEBUG: Unbind ldap server
support_member.cc(117): pid=60129 :2013/12/29 12:49:41| kerberos_ldap_group:
INFO: User mm is member of group@domain SQUID_ALLOW@NULL
OK
kerberos_ldap_group.cc(404): pid=60129 :2013/12/29 12:49:41|
kerberos_ldap_group: DEBUG: OK
QQ@QQ
kerberos_ldap_group.cc(372): pid=60129 :2013/12/29 12:49:44|
kerberos_ldap_group: INFO: Got User: QQ Domain: QQ
$

Regards
Markus

"Eugene M. Zheganin" wrote in message
news:52BBF372.3070506_at_norma.perm.ru...

Hi.

On 24.12.2013 20:39, Markus Moeller wrote:
>
>
> Could you tell me which OS, kerberos, ldap and sasl version you use?
>
>
It's

FreeBSD 10.0-BETA2 amd64
Heimdal Kerberos 1.5.2
cyrus-sasl 2.1.26
openldap-sasl-client-2.4.38

The last two are from FreeBSD ports, -sasl- means it's compiled with
--with-cyrus-sasl.

Thanks.
Eugene.

Received on Sun Dec 29 2013 - 13:00:08 MST