Search squid archive

Linux using kerberos works but squid won't

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi list,

I want to use this brilliant software squid but do you know what I missing?

I have working AD authentication on my SLES11 system
- kinit -k -t HTTP.keytab HTTP/squid.fqdn.com works
- login via ssh works with pam_krb5
- joining to my domain also worked as a charm

At this stage I believe, I've set up krb5.conf correctly.

So I compiled Squid 3.1.0.13. 
configure options:
'--prefix=/usr/local/squid-3.1' 
'--enable-auth=basic,ntlm,negotiate'
'--enable-basic-auth-helpers=SMB getpwnam multi-domain-NTLM' 
'--enable-ntlm-auth-helpers=smb_lm no_check' 
'--enable-negotiate-auth-helpers=squid_kerb_auth'
 --with-squid=/install/squid-3.1.0.13
 --enable-ltdl-convenience

Next I inserted these lines into squid.conf
auth_param negotiate program squid_kerb_auth -d 99 -s HTTP/squid.fqdn.com
auth_param negotiate children 15
auth_param negotiate keep_alive on


Starting squid again worked fine, so didn't get any error at boot time and
--  ps -ef  -- shows me

squid    28944 27915  0 12:51 pts/0    00:00:00 ./squid -N -d 20 -f 
../etc/squid.conf
squid    28945 28944  0 12:51 ?        00:00:00 (squid_kerb_auth) -d 99 -s 
HTTP/squid.fqdn.com
squid    28946 28944  0 12:51 ?        00:00:00 (squid_kerb_auth) -d 99 -s 
HTTP/squid.fqdn.com



On my windows PC I configured proxy using manual setting to the FQDN of squid.

The result is - in cache.log I find
2009/08/24 12:58:13| squid_kerb_auth: Got 'YR YIIFzAYGKwYBBQUCoIIFwDCCBby ...
[...]
from squid (length: 1987).
2009/08/24 12:58:13| squid_kerb_auth: Decode 'YIIFzAYGKwYBBQ [...]
(decoded length: 1488)
2009/08/24 13:21:19| squid_kerb_auth: gss_accept_sec_context() failed: 
Unspecified GSS failure.  Minor code may provide more information. Key table 
entry not found
2009/08/24 13:21:19| authenticateNegotiateHandleReply: Error validating user 
via Negotiate. Error returned 'BH gss_accept_sec_context() failed: Unspecified 
GSS failure.  Minor code may provide more information. Key table entry not 
found'

I created my HTTP.keytab as it was described somewhere.
Logged on windows DC - used ktpass and mapped the service principal to a 
windows user. After that I copied this file to linux squid.


I also tried to configure in squid.conf to use squid_kerb_auth -s 
HTTP/squid.fqdn.com@REALM

But this didn't work either.

I think there is something small missing but I can't figure it out.

Please can anybody help me?
I hope, my detailed explanation will help others too to configure their 
systems.

With best regards
Andrew
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux