"DmitrySh" <sbros_v@xxxxxxxx> wrote in message
news:1288100124027-3013710.post@xxxxxxxxxxxxxxxx
Hi all again.
I think we can close this threat couse i localize the problem.
It's the same problem as in this threat -
http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-using-squid-kerb-auth-with-Internet-Explorer-8-on-Windows-Server-2008-R2-td3013070.html#a3013070
I check all on Windows XP with IE7 client machine and all works fine even
with squid_kerb_ldap helper
By the words, squid_kerb_ldap helper didn't start untill i give him -i key
on the end of string
The -i is not required. What do you get when you execute it as follows:
export KRB5_KTNAME=<path to keytab>
/usr/local/squid/libexec/squid_kerb_ldap -g UserGroup@xxxxxxxxxx
user@xxxxxxxxxx
You should just get a reply OK .e.g.
markus@opensuse11:~/mysources/squid_kerb_ldap> export
KRB5_KTNAME=./squid.keytab
markus@opensuse11:~/mysources/squid_kerb_ldap> /usr/sbin/squid_kerb_ldap -g
SOCKS_ALLOW@xxxxxxxxx
markus@xxxxxxxxx
OK
With -i you get informational messages and -d debug messages.
/usr/sbin/squid_kerb_ldap -d -g SOCKS_ALLOW@xxxxxxxxx
2010/10/26 19:26:21| squid_kerb_ldap: Starting version 1.2.1a
2010/10/26 19:26:21| squid_kerb_ldap: Group list SOCKS_ALLOW@xxxxxxxxx
2010/10/26 19:26:21| squid_kerb_ldap: Group SOCKS_ALLOW Domain SUSE.HOME
2010/10/26 19:26:21| squid_kerb_ldap: Netbios list NULL
2010/10/26 19:26:21| squid_kerb_ldap: No netbios names defined.
external_acl_type SQUID_KERB_LDAP ttl=3600 negative_ttl=3600 ipv4 %LOGIN
/usr/local/squid/libexec/squid_kerb_ldap -g UserGroup@xxxxxxxxxx -i
Maybe it will be usefull for someone else.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Problem-with-SQUID-KERB-LDAP-tp1468788p3013710.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Regards
Markus