
Re: Re: Squid + Kerberos + Active Directory


 




Dear Markus,

Many thanks for your suggestions... I didn't understand a few of them... anyway, the following is my reply to your queries... kindly assist me to keep things up and running...


FQDN --> linuxproxy.panasonic.com
HOSTNAME --> linuxproxy


[root@linuxproxy ~]# klist -kt
Keytab name: FILE:/etc/squid/HTTP.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic.com@xxxxxxxxxxxxx
   4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic.com@xxxxxxxxxxxxx
   4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic.com@xxxxxxxxxxxxx
   3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic.com@xxxxxxxxxxxxx
   3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic.com@xxxxxxxxxxxxx
   3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic.com@xxxxxxxxxxxxx
[root@linuxproxy ~]#



Does your startup script set the KRB5_KTNAME environment variable ?

[root@linuxproxy ~]# head -23 /etc/rc.d/init.d/squid 
#!/bin/bash
### BEGIN INIT INFO
# Provides: squid
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
#       a way to store requested Internet objects (i.e., data available \
#       via the HTTP, FTP, and gopher protocols) on a system closer to the \
#       requesting site than to the source. Web browsers can then use the \
#       local Squid cache as a proxy HTTP server, reducing access time as \
#       well as bandwidth consumption.
### END INIT INFO

KRB5_KTNAME=/etc/squid/HTTP.keytab 
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH KRB5_KTNAME

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[root@linuxproxy ~]# 




Can you do a successful kinit -k squid.keytab  HTTP/hostname ? (I didn't understand how to issue this command; anyway, I tried the following):

[root@linuxproxy ~]# ls /etc/squid/HTTP.keytab    (I am using the HTTP.keytab file name; I think you mentioned squid.keytab, am I right?)
/etc/squid/HTTP.keytab
[root@linuxproxy ~]#
[root@linuxproxy ~]# kinit -k HTTP.keytab HTTP/linuxproxy
Extra arguments (starting with "HTTP/linuxproxy").
Usage: kinit [-5] [-4] [-V] [-l lifetime] [-s start_time] 
	[-r renewable_life] [-f | -F] [-p | -P] [-a | -A] 
	[-v] [-R] [-k [-t keytab_file]] 
	[-c cachename] [-S service_name] [principal]

    options:                                          valid with Kerberos:
	-5 Kerberos 5 (available)
	-4 Kerberos 4 (available)
	   (Default behavior is to try Kerberos 5)
	-V verbose                                        Either 4 or 5
	-l lifetime                                       Either 4 or 5
	-s start time                                     5
	-r renewable lifetime                             5
	-f forwardable                                    5
	-F not forwardable                                5
	-p proxiable                                      5
	-P not proxiable                                  5
	-a include addresses                              5
	-A do not include addresses                       5
	-v validate                                       5
	-R renew                                          5, or both 5 and 4
	-k use keytab                                     5, or both 5 and 4
	-t filename of keytab to use                      5, or both 5 and 4
	-c Kerberos 5 cache name                          5
	-S service                                        5, or both 5 and 4
[root@linuxproxy ~]# 




Can you add a -d to squid_kerb_auth and send me the output ?
Where do I add this -d? Do you mean in squid.conf? If so, where will I get the output from? In stdout, or in one of the log messages? Please clarify...



Did you use the fqdn in IE  to point to squid ?
I tried the FQDN after your mail, but got the same result: Cache Access Denied!!!
Before, I had given the IP, and the result is the same. (I am eager to know: will this not work if I specify the IP? Or is it mandatory that I specify the FQDN?)



The command which I used to create the computer account in Active Directory from the squid proxy machine:
 
msktutil -c -b "OU=Servers" -s HTTP/linuxproxy.panasonic.com -h linuxproxy -k /etc/squid/HTTP.keytab --computer-name SQUIDPROXY --upn HTTP/linuxproxy.panasonic.com --server pana001.panasonic.com --verbose

where my hostname = linuxproxy
fqdn = linuxproxy.panasonic.com (resolvable in DNS)
SAM client name specified = Squidproxy
Active Directory Server (DC) = pana001.panasonic.com (resolvable in DNS)



Here is my krb5.conf;

[root@linuxproxy ~]# cat /etc/krb5.conf 
[libdefaults]
      default_realm = PANASONIC.COM
      dns_lookup_kdc = no
      dns_lookup_realm = no
      default_keytab_name = /etc/squid/HTTP.keytab
      default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
      default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
      permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
[realms]
      PANASONIC.COM = {
              kdc = pana001.panasonic.com
              admin_server = pana001.panasonic.com
      }

[domain_realm]
      .panasonic..com = PANASONIC.COM
      panasonic.com = PANASONIC.COM

[logging]
  kdc = FILE:/var/log/kdc.log
  admin_server = FILE:/var/log/kadmin.log
  default = FILE:/var/log/krb5lib.log


-
--
---
Always try to find truth!!!


--- On Tue, 6/2/09, Markus Moeller <huaraz@xxxxxxxxxxxxxxxx> wrote:

> From: Markus Moeller <huaraz@xxxxxxxxxxxxxxxxx>
> Subject:   Re: Squid + Kerberos + Active Directory
> To: squid-users@xxxxxxxxxxxxxxx
> Date: Tuesday, June 2, 2009, 10:56 PM
> Can you send me the following;
> 
> fqdn
> hostname
> klist -kt   squid.keytab  ( If you use
> MIT Kerberos)
> 
> 
> Does your startup script set the KRB5_KTNAME environment
> variable ?
> 
> Can you do a successful kinit -k squid.keytab 
> HTTP/hostname ?
> 
> Can you add a -d to squid_kerb_auth and send me the output
> ?
> 
> Did you use the fqdn in IE  to point to squid ?
> 
> Regards
> Markus
> 
> 
> "Truth Seeker" <truth_seeker_3535@xxxxxxxxx>
> wrote in message news:177962.48305.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> 
> 
> Thanks Amos. I followed that link and did the steps
> completely. But it is not working for me. Please look into
> the following details and kindly guide me to achieve the
> goal.
> 
> The following information is included herewith:
> 1. squid.conf
> 2. debugged info from cache.log
> 
> contents of my squid.conf
> 
> grep -v ^# /etc/squid/squid.conf | grep -v "^$"
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> ### For ACtive Directory Inegration
> auth_param negotiate program /usr/lib/squid/squid_kerb_auth
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> acl auth proxy_auth REQUIRED
> http_access deny !auth
> http_access allow auth
> http_access deny all
> http_access allow localhost
> http_access deny all
> icp_access allow localnet
> icp_access deny all
> htcp_access allow localnet
> htcp_access deny all
> http_port 8080
> hierarchy_stoplist cgi-bin ?
> access_log /var/log/squid/access.log squid
> debug_options ALL,1 33,2 28,9
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> icp_port 3130
> coredump_dir /var/spool/squid
> 
> 
> 
> contents of cache.log while accessing from a windows client
> who is a member of our domain.
> 
> 2009/06/02 21:38:06.486| aclCheckFast: list: 0x8a8ff60
> 2009/06/02 21:38:06.486| ACLChecklist::preCheck: 0xbfb8ae94
> checking 'ident_lookup_access deny all'
> 2009/06/02 21:38:06.486| ACLList::matches: checking all
> 2009/06/02 21:38:06.486| ACL::checklistMatches: checking
> 'all'
> 2009/06/02 21:38:06.486| aclMatchIp: '192.168.4.139' found
> 2009/06/02 21:38:06.486| ACL::ChecklistMatches: result for
> 'all' is 1
> 2009/06/02 21:38:06.486| ACLList::matches: result is true
> 2009/06/02 21:38:06.486| aclmatchAclList: 0xbfb8ae94
> returning true (AND list satisfied)
> 2009/06/02 21:38:06.486| ACLChecklist::markFinished:
> 0xbfb8ae94 checklist processing finished
> 2009/06/02 21:38:06.486| ACLChecklist::~ACLChecklist:
> destroyed 0xbfb8ae94
> 2009/06/02 21:38:06.487| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access allow manager localhost'
> 2009/06/02 21:38:06.487| ACLList::matches: checking
> manager
> 2009/06/02 21:38:06.487| ACL::checklistMatches: checking
> 'manager'
> 2009/06/02 21:38:06.487| ACL::ChecklistMatches: result for
> 'manager' is 0
> 2009/06/02 21:38:06.487| ACLList::matches: result is false
> 2009/06/02 21:38:06.487| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.487| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.487| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny manager'
> 2009/06/02 21:38:06.487| ACLList::matches: checking
> manager
> 2009/06/02 21:38:06.487| ACL::checklistMatches: checking
> 'manager'
> 2009/06/02 21:38:06.487| ACL::ChecklistMatches: result for
> 'manager' is 0
> 2009/06/02 21:38:06.487| ACLList::matches: result is false
> 2009/06/02 21:38:06.487| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.487| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.487| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny !Safe_ports'
> 2009/06/02 21:38:06.487| ACLList::matches: checking
> !Safe_ports
> 2009/06/02 21:38:06.487| ACL::checklistMatches: checking
> 'Safe_ports'
> 2009/06/02 21:38:06.487| ACL::ChecklistMatches: result for
> 'Safe_ports' is 1
> 2009/06/02 21:38:06.487| ACLList::matches: result is false
> 2009/06/02 21:38:06.488| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.488| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.488| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny CONNECT !SSL_ports'
> 2009/06/02 21:38:06.488| ACLList::matches: checking
> CONNECT
> 2009/06/02 21:38:06.488| ACL::checklistMatches: checking
> 'CONNECT'
> 2009/06/02 21:38:06.488| ACL::ChecklistMatches: result for
> 'CONNECT' is 0
> 2009/06/02 21:38:06.488| ACLList::matches: result is
> false
> 2009/06/02 21:38:06.488| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.488| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.488| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny !auth'
> 2009/06/02 21:38:06.488| ACLList::matches: checking !auth
> 2009/06/02 21:38:06.488| ACL::checklistMatches: checking
> 'auth'
> 2009/06/02 21:38:06.488| aclMatchAcl: returning 0 sending
> authentication challenge.
> 2009/06/02 21:38:06.488| ACL::ChecklistMatches: result for
> 'auth' is 0
> 2009/06/02 21:38:06.488| ACLList::matches: result is true
> 2009/06/02 21:38:06.488| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.488| ACLChecklist::checkForAsync:
> requiring Proxy Auth header.
> 2009/06/02 21:38:06.488| ACLChecklist::markFinished:
> 0x8d9c188 checklist processing finished
> 2009/06/02 21:38:06.488| aclmatchAclList: async=1
> nodeMatched=1 async_in_progress=0 lastACLResult() = 1
> finished() = 1
> 2009/06/02 21:38:06.488| ACLChecklist::check: 0x8d9c188
> match found, calling back with 2
> 2009/06/02 21:38:06.488| ACLChecklist::checkCallback:
> 0x8d9c188 answer=2
> 2009/06/02 21:38:06.488| aclGetDenyInfoPage: got called for
> auth
> 2009/06/02 21:38:06.488| aclGetDenyInfoPage: no match
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.488| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.488| aclCheckFast: list: 0
> 2009/06/02 21:38:06.488| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.489| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.489| aclCheckFast: list: 0
> 2009/06/02 21:38:06.489| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.489| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.489| aclCheckFast: list: 0
> 2009/06/02 21:38:06.489| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.489| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.489| aclCheckFast: list: 0
> 2009/06/02 21:38:06.489| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.489| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.489| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c188
> 2009/06/02 21:38:06.489| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c188
> 2009/06/02 21:38:06.523| aclCheckFast: list: 0x8a8ff60
> 2009/06/02 21:38:06.523| ACLChecklist::preCheck: 0xbfb8ae94
> checking 'ident_lookup_access deny all'
> 2009/06/02 21:38:06.523| ACLList::matches: checking all
> 2009/06/02 21:38:06.523| ACL::checklistMatches: checking
> 'all'
> 2009/06/02 21:38:06.523| aclMatchIp: '192.168.4.139' found
> 2009/06/02 21:38:06.523| ACL::ChecklistMatches: result for
> 'all' is 1
> 2009/06/02 21:38:06.523| ACLList::matches: result is true
> 2009/06/02 21:38:06.523| aclmatchAclList: 0xbfb8ae94
> returning true (AND list satisfied)
> 2009/06/02 21:38:06.523| ACLChecklist::markFinished:
> 0xbfb8ae94 checklist processing finished
> 2009/06/02 21:38:06.523| ACLChecklist::~ACLChecklist:
> destroyed 0xbfb8ae94
> 2009/06/02 21:38:06.525| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access allow manager localhost'
> 2009/06/02 21:38:06.525| ACLList::matches: checking
> manager
> 2009/06/02 21:38:06.525| ACL::checklistMatches: checking
> 'manager'
> 2009/06/02 21:38:06.525| ACL::ChecklistMatches: result for
> 'manager' is 0
> 2009/06/02 21:38:06.525| ACLList::matches: result is false
> 2009/06/02 21:38:06.525| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.525| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.525| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny manager'
> 2009/06/02 21:38:06.525| ACLList::matches: checking
> manager
> 2009/06/02 21:38:06.525| ACL::checklistMatches: checking
> 'manager'
> 2009/06/02 21:38:06.525| ACL::ChecklistMatches: result for
> 'manager' is 0
> 2009/06/02 21:38:06.525| ACLList::matches: result is false
> 2009/06/02 21:38:06.525| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.525| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.525| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny !Safe_ports'
> 2009/06/02 21:38:06.525| ACLList::matches: checking
> !Safe_ports
> 2009/06/02 21:38:06.525| ACL::checklistMatches: checking
> 'Safe_ports'
> 2009/06/02 21:38:06.525| ACL::ChecklistMatches: result for
> 'Safe_ports' is 1
> 2009/06/02 21:38:06.525| ACLList::matches: result is false
> 2009/06/02 21:38:06.525| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.525| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.525| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny CONNECT !SSL_ports'
> 2009/06/02 21:38:06.525| ACLList::matches: checking
> CONNECT
> 2009/06/02 21:38:06.525| ACL::checklistMatches: checking
> 'CONNECT'
> 2009/06/02 21:38:06.525| ACL::ChecklistMatches: result for
> 'CONNECT' is 0
> 2009/06/02 21:38:06.525| ACLList::matches: result is false
> 2009/06/02 21:38:06.525| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.525| aclmatchAclList: async=0
> nodeMatched=0 async_in_progress=0 lastACLResult() = 0
> finished() = 0
> 2009/06/02 21:38:06.525| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny !auth'
> 2009/06/02 21:38:06.525| ACLList::matches: checking !auth
> 2009/06/02 21:38:06.525| ACL::checklistMatches: checking
> 'auth'
> 2009/06/02 21:38:06.525| aclMatchAcl: returning 0 sending
> credentials to helper.
> 2009/06/02 21:38:06.525| ACL::ChecklistMatches: result for
> 'auth' is 0
> 2009/06/02 21:38:06.525| ACLList::matches: result is true
> 2009/06/02 21:38:06.525| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.525| ACLChecklist::asyncInProgress:
> 0x8d9c188 async set to 1
> 2009/06/02 21:38:06.525| ACLChecklist::checkForAsync:
> checking password via authenticator
> 2009/06/02 21:38:06.525| aclmatchAclList: async=1
> nodeMatched=1 async_in_progress=1 lastACLResult() = 1
> finished() = 0
> 2009/06/02 21:38:06.526| ACLChecklist::asyncInProgress:
> 0x8d9c188 async set to 0
> 2009/06/02 21:38:06.526| ACLChecklist::preCheck: 0x8d9c188
> checking 'http_access deny !auth'
> 2009/06/02 21:38:06.526| ACLList::matches: checking !auth
> 2009/06/02 21:38:06.526| ACL::checklistMatches: checking
> 'auth'
> 2009/06/02 21:38:06.526| aclMatchAcl: returning 0 sending
> authentication challenge.
> 2009/06/02 21:38:06.526| ACL::ChecklistMatches: result for
> 'auth' is 0
> 2009/06/02 21:38:06.526| ACLList::matches: result is true
> 2009/06/02 21:38:06.526| aclmatchAclList: 0x8d9c188
> returning false (AND list entry failed to match)
> 2009/06/02 21:38:06.526| ACLChecklist::checkForAsync:
> requiring Proxy Auth header.
> 2009/06/02 21:38:06.526| ACLChecklist::markFinished:
> 0x8d9c188 checklist processing finished
> 2009/06/02 21:38:06.526| aclmatchAclList: async=1
> nodeMatched=1 async_in_progress=0 lastACLResult() = 1
> finished() = 1
> 2009/06/02 21:38:06.526| ACLChecklist::check: 0x8d9c188
> match found, calling back with 2
> 2009/06/02 21:38:06.526| ACLChecklist::checkCallback:
> 0x8d9c188 answer=2
> 2009/06/02 21:38:06.526| aclGetDenyInfoPage: got called for
> auth
> 2009/06/02 21:38:06.526| aclGetDenyInfoPage: no match
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.526| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.526| aclCheckFast: list: 0
> 2009/06/02 21:38:06.526| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.527| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.527| aclCheckFast: list: 0
> 2009/06/02 21:38:06.527| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.527| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.527| aclCheckFast: list: 0
> 2009/06/02 21:38:06.527| aclCheckFast: no matches,
> returning: 1
> 2009/06/02 21:38:06.527| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c21c
> 2009/06/02 21:38:06.527| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c188
> 2009/06/02 21:38:06.527| ACLChecklist::~ACLChecklist:
> destroyed 0x8d9c188
> 
> 
> 
> -
> --
> ---
> Always try to find truth!!!
> 
> 
> --- On Tue, 6/2/09, Amos Jeffries <squid3@xxxxxxxxxxxxxx>
> wrote:
> 
> > From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> > Subject: Re:  Squid + Kerberos + Active
> Directory
> > To: "Truth Seeker" <truth_seeker_3535@xxxxxxxxx>
> > Cc: "Squid maillist" <squid-users@xxxxxxxxxxxxxxx>
> > Date: Tuesday, June 2, 2009, 2:53 PM
> > Truth Seeker wrote:
> > > Dear Pro's
> > >
> > > I am trying to configure a squid proxy in Windows
> 2003
> > Active
> > > Directory Environment. I need to make the
> migration
> > from MS ISA Proxy
> > > to Squid 3.0 Stable13 on CentOS 5.2
> > >
> > > My primary goal is; 1. authenticate users
> without
> > asking
> > > username/password (i mean like how a normal
> windows
> > client will
> > > behave when he connects to internet through MS
> ISA
> > Proxy in a Active
> > > Directory environment - which will not prompt
> > username/password
> > > because of the Kerberos) by using the kerberos
> to
> > communicate with
> > > the Win 2k3 Domain Controller.
> > >
> > > 2. Without any downtime.
> > >
> > >
> > > Am i dreaming about this... ??? is this a
> workable
> > target??? Is there
> > > any issue in this environment???
> > >
> > > Awaiting your quick feedbacks ...
> > >
> > 
> > Possible.
> > http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
> > 
> > maybe even easy if you know what you are doing regarding
> > Kerberos.
> > 
> > Amos
> > -- Please be using
> > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
> > Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
> > 
> 
> 
> 
> 
> 
> 
> 
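The keytab check requested in the thread, as an added example that is not part of the original messages: it parses `klist -kt` output, confirms the keytab holds the exact `HTTP/<fqdn>@<REALM>` principal, and prints a `kinit` test in the `-k -t keytab_file` form shown in the usage text above. The sample listing is constructed, and `linuxproxy.example.com` and `EXAMPLE.COM` are placeholder names.

```shell
#!/bin/sh
# Added example, not from the original thread. Host and realm are placeholders.

# Constructed sample in the layout printed by `klist -kt` (MIT Kerberos).
SAMPLE_KLIST='Keytab name: FILE:/etc/squid/HTTP.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   4 06/02/09 18:05:36 HTTP/linuxproxy.example.com@EXAMPLE.COM
   4 06/02/09 18:05:36 HTTP/linuxproxy.example.com@EXAMPLE.COM
   3 06/02/09 18:05:23 HTTP/linuxproxy.example.com@EXAMPLE.COM
   3 06/02/09 18:05:23 HTTP/linuxproxy.example.com@EXAMPLE.COM'

# Read klist output on stdin; print "KVNO PRINCIPAL" per key entry.
# Header lines are skipped because their first field is not a number.
keytab_entries() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 4 { print $1, $NF }'
}

# Highest key version number stored for one principal (no output if absent).
latest_kvno() {  # usage: latest_kvno PRINCIPAL < klist-output
    keytab_entries | awk -v p="$1" '
        $2 == p { if ($1 + 0 > max) max = $1 + 0; found = 1 }
        END     { if (found) print max }'
}

# Succeed only if the keytab holds exactly HTTP/HOST@REALM.
# Principals are compared as whole strings, so the short host name
# does not match an entry that was created for the FQDN.
has_spn() {  # usage: has_spn HOST REALM < klist-output
    keytab_entries | awk -v p="HTTP/$1@$2" '$2 == p { ok = 1 } END { exit !ok }'
}

# Build the keytab login test. The keytab file is the argument of -t;
# without -t, kinit treats the file name as the principal.
kinit_cmd() {  # usage: kinit_cmd KEYTAB PRINCIPAL
    printf 'kinit -k -t %s %s\n' "$1" "$2"
}

# Demo on the constructed sample. On a real host, replace the printf with:
#   klist -kt /etc/squid/HTTP.keytab
for host in linuxproxy.example.com linuxproxy; do
    spn="HTTP/$host@EXAMPLE.COM"
    if printf '%s\n' "$SAMPLE_KLIST" | has_spn "$host" EXAMPLE.COM; then
        kvno=$(printf '%s\n' "$SAMPLE_KLIST" | latest_kvno "$spn")
        echo "OK      $spn (latest kvno $kvno)"
        echo "        test with: $(kinit_cmd /etc/squid/HTTP.keytab "$spn")"
    else
        echo "MISSING $spn is not in the keytab"
    fi
done
```
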


      


