At this time i try to exclude "LDAP authorization" problem from whole process and comment this sting in squid.conf (come back to this when athentication issue will be solved) And the main problem is authentication problem with squid_kerb_auth helper. Here cache.log file piece where the probkem is seen. 2010/10/25 14:43:36.306| ACLChecklist::preCheck: 0x85a1e50 checking 'http_access allow auth' 2010/10/25 14:43:36.306| ACLList::matches: checking auth 2010/10/25 14:43:36.306| ACL::checklistMatches: checking 'auth' 2010/10/25 14:43:36.307| authenticateAuthenticate: no connection authentication type 2010/10/25 14:43:36.307| Acl.cc(65) AuthenticateAcl: returning 0 sending credentials to helper. 2010/10/25 14:43:36.307| ACL::ChecklistMatches: result for 'auth' is 0 2010/10/25 14:43:36.307| ACLList::matches: result is false 2010/10/25 14:43:36.307| aclmatchAclList: 0x85a1e50 returning false (AND list entry failed to match) 2010/10/25 14:43:36.307| ACLChecklist::asyncInProgress: 0x85a1e50 async set to 1 2010/10/25 14:43:36.307| ACLChecklist::checkForAsync: checking password via authenticator 2010/10/25 14:43:36.307| aclmatchAclList: async=1 nodeMatched=0 async_in_progress=1 lastACLResult() = 0 finished() = 0 2010/10/25 14:43:36.307| clientReadSomeData: FD 11: reading request... 2010/10/25 14:43:36| squid_kerb_auth: DEBUG: Got 'YR YIIGZgYGKwYBBQUCoIIGWjCCBlagMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgY . . /3uRdUzk6z+y3XhEBX19jNqd5CBe72CHRAh5CBC4GPkSyzbjWql5x9kfsBnoEK8Gc5VDXQPAVfAg= =' from squid (length: 2195). 2010/10/25 14:43:36| squid_kerb_auth: DEBUG: Decode 'YIIGZgYGKwYBBQUCoIIGWjCCBlagMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgY . . fpGHRVhvZk/kda8Vtvd618615TAA7y7E7ZN3DeUAEVD+fRErTlSbBlY/3uRdUzk6z+y3XhEBX19jNqd5CBe72CHRAh5CBC4GPkSyzbjWql5x9kfsBnoEK8Gc5VDXQPAVfAg= =' (decoded length: 1642). 2010/10/25 14:43:36| squid_kerb_auth: ERROR: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more inform ation. Permission denied 2010/10/25 14:43:36.308| commio_finish_callback: called for FD 10 (0, 0) 2010/10/25 14:43:36.308| comm_read_try: FD 10, size 8191, retval 115, errno 0 2010/10/25 14:43:36.308| commio_finish_callback: called for FD 10 (0, 0) 2010/10/25 14:43:36.308| comm.cc(165) will call SomeCommReadHandler(FD 10, data=0x83aaf78, size=115, buf=0x83ab188) [call48] 2010/10/25 14:43:36.308| entering SomeCommReadHandler(FD 10, data=0x83aaf78, size=115, buf=0x83ab188) 2010/10/25 14:43:36.308| AsyncCall.cc(32) make: make call SomeCommReadHandler [call48] 2010/10/25 14:43:36.308| helperStatefulHandleRead: end of reply found 2010/10/25 14:43:36.308| helper.cc(375) helperStatefulReleaseServer: srv-0 flags.reserved = 1 2010/10/25 14:43:36.308| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_acquire_cred( ) failed: Unspecified GSS failure. Minor code may provide more information. Permission denied' Got and Decode strings are cuted. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Problem-with-SQUID-KERB-LDAP-tp1468788p3010200.html Sent from the Squid - Users mailing list archive at Nabble.com.
