Search squid archive

Re: Re: Re: squid_ldap_group against nested groups/Ous

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

 I get the same successful results on 64 bit FreeBSD 8.0.

$ uname -a
FreeBSD freebsd-80-64.freebsd.home 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@xxxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/GENERIC amd64

$ ldd squid_kerb_ldap
squid_kerb_ldap:
       libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800652000)
       libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x80075b000)
       libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x800860000)
       libhx509.so.10 => /usr/lib/libhx509.so.10 (0x8009cd000)
       libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x800b0c000)
       libcrypto.so.6 => /lib/libcrypto.so.6 (0x800c0e000)
       libasn1.so.10 => /usr/lib/libasn1.so.10 (0x800ea6000)
       libroken.so.10 => /usr/lib/libroken.so.10 (0x801025000)
       libcrypt.so.5 => /lib/libcrypt.so.5 (0x801136000)
       libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x80124f000)
       liblber-2.4.so.7 => /usr/local/lib/liblber-2.4.so.7 (0x801390000)
       libc.so.7 => /lib/libc.so.7 (0x80149d000)
       libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x8016d7000)
       libssl.so.6 => /usr/lib/libssl.so.6 (0x8017ef000)

Is it possible that you have another kerberos package installed ? How does your ldd look ? I installed a standard freebsd 8.0 84 bit plus ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/8.0-RELEASE/packages/net/openldap-sasl-client-2.4.18.tbz for ldap with sasl support.

Markus

"Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> wrote in message news:ib12hn$ei5$1@xxxxxxxxxxxxxxxxxx
Hi,

I tested on a 7.0 (32bit) box without issuse. I will try next a 8.0 64bit.

$ uname -a
FreeBSD freebsd.freebsd.home 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@xxxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/GENERIC i386

$ make clean; make
Making clean in .
test -z "squid_kerb_ldap" || rm -f squid_kerb_ldap
rm -f *.o
make  all-recursive
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT squid_kerb_ldap.o -MD -MP -MF .deps/squid_kerb_ldap.Tpo -c -o squid_kerb_ldap.o squid_kerb_ldap.c
mv -f .deps/squid_kerb_ldap.Tpo .deps/squid_kerb_ldap.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_group.o -MD -MP -MF .deps/support_group.Tpo -c -o support_group.o support_group.c
mv -f .deps/support_group.Tpo .deps/support_group.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_netbios.o -MD -MP -MF .deps/support_netbios.Tpo -c -o support_netbios.o support_netbios.c
mv -f .deps/support_netbios.Tpo .deps/support_netbios.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_member.o -MD -MP -MF .deps/support_member.Tpo -c -o support_member.o support_member.c
mv -f .deps/support_member.Tpo .deps/support_member.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_krb5.o -MD -MP -MF .deps/support_krb5.Tpo -c -o support_krb5.o support_krb5.c
mv -f .deps/support_krb5.Tpo .deps/support_krb5.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_ldap.o -MD -MP -MF .deps/support_ldap.Tpo -c -o support_ldap.o support_ldap.c
mv -f .deps/support_ldap.Tpo .deps/support_ldap.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_sasl.o -MD -MP -MF .deps/support_sasl.Tpo -c -o support_sasl.o support_sasl.c
cc1: warnings being treated as errors
In file included from support_sasl.c:30:
/usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a prototype
*** Error code 1

Stop in /usr/home/markus/squid_kerb_ldap-1.2.1a.
*** Error code 1

Stop in /usr/home/markus/squid_kerb_ldap-1.2.1a.
*** Error code 1

Stop in /usr/home/markus/squid_kerb_ldap-1.2.1a.
$ gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_sasl.o -MD -MP -MF .deps/support_sasl.Tpo -c -o support_sasl.o support_sasl.c
In file included from support_sasl.c:30:
/usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a prototype
$ make
make  all-recursive
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -MT support_resolv.o -MD -MP -MF .deps/support_resolv.Tpo -c -o support_resolv.o support_resolv.c
mv -f .deps/support_resolv.Tpo .deps/support_resolv.Po
gcc -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -Wl,-R/usr/lib -L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err -L/usr/local/lib -Wl,-R/usr/local/lib -o squid_kerb_ldap squid_kerb_ldap.o support_group.o support_netbios.o support_member.o support_krb5.o support_ldap.o support_sasl.o support_resolv.o -lldap -llber


$ ldd squid_kerb_ldap
squid_kerb_ldap:
       libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28088000)
       libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2808f000)
       libasn1.so.9 => /usr/lib/libasn1.so.9 (0x280c9000)
       libcrypto.so.5 => /lib/libcrypto.so.5 (0x280f2000)
       libroken.so.9 => /usr/lib/libroken.so.9 (0x2824b000)
       libcrypt.so.4 => /lib/libcrypt.so.4 (0x28258000)
       libcom_err.so.4 => /usr/lib/libcom_err.so.4 (0x28271000)
       libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x28273000)
       liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x282ae000)
       libc.so.7 => /lib/libc.so.7 (0x282bb000)
       libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x283b7000)
       libssl.so.5 => /usr/lib/libssl.so.5 (0x283ce000)

$ ktutil list --keys
squid.keytab:

Vno  Type              Principal                                 Key
3 arcfour-hmac-md5 HTTP/opensuse11.suse.home@xxxxxxxxx 124b2a7a83c3ef21852a2571d64a8eee 3 des3-cbc-sha1 HTTP/opensuse11.suse.home@xxxxxxxxx fb91f7f140622562617f5e3ead9b802a6eb5cd2025869432
 3  des-cbc-crc       HTTP/opensuse11.suse.home@xxxxxxxxx 8f64e67504b6f464

$  ./squid_kerb_ldap -d -g SOCKS_ALLOW@xxxxxxxxx
2010/11/05 13:55:53| squid_kerb_ldap: Starting version 1.2.1a
2010/11/05 13:55:53| squid_kerb_ldap: Group list SOCKS_ALLOW@xxxxxxxxx
2010/11/05 13:55:53| squid_kerb_ldap: Group SOCKS_ALLOW  Domain SUSE.HOME
2010/11/05 13:55:53| squid_kerb_ldap: Netbios list NULL
2010/11/05 13:55:53| squid_kerb_ldap: No netbios names defined.
markus@xxxxxxxxx
2010/11/05 13:55:59| squid_kerb_ldap: Got User: markus Domain: SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: User domain loop: group@domain SOCKS_ALLOW@xxxxxxxxx 2010/11/05 13:55:59| squid_kerb_ldap: Found group@domain SOCKS_ALLOW@xxxxxxxxx
2010/11/05 13:55:59| squid_kerb_ldap: Setup Kerberos credential cache
2010/11/05 13:55:59| squid_kerb_ldap: Get default keytab file name
2010/11/05 13:55:59| squid_kerb_ldap: Got default keytab file name squid.keytab 2010/11/05 13:55:59| squid_kerb_ldap: Get principal name from keytab squid.keytab 2010/11/05 13:55:59| squid_kerb_ldap: Keytab entry has realm name: SUSE.HOME 2010/11/05 13:55:59| squid_kerb_ldap: Found principal name: HTTP/opensuse11.suse.home@xxxxxxxxx 2010/11/05 13:55:59| squid_kerb_ldap: Set credential cache to MEMORY:squid_ldap_21691 2010/11/05 13:55:59| squid_kerb_ldap: Got principal name HTTP/opensuse11.suse.home@xxxxxxxxx
2010/11/05 13:55:59| squid_kerb_ldap: Stored credentials
2010/11/05 13:55:59| squid_kerb_ldap: Initialise ldap connection
2010/11/05 13:55:59| squid_kerb_ldap: Canonicalise ldap server name for domain SUSE.HOME 2010/11/05 13:56:04| squid_kerb_ldap: Resolved SRV _ldap._tcp.SUSE.HOME record to opensuse11.suse.home 2010/11/05 13:56:04| squid_kerb_ldap: Resolved address 1 of SUSE.HOME to opensuse11.suse.home 2010/11/05 13:56:04| squid_kerb_ldap: Resolved address 2 of SUSE.HOME to opensuse11.suse.home
2010/11/05 13:56:04| squid_kerb_ldap: Adding host SUSE.HOME to list
2010/11/05 13:56:04| squid_kerb_ldap: Sorted ldap server names for domain SUSE.HOME: 2010/11/05 13:56:04| squid_kerb_ldap: Host: opensuse11.suse.home Port: 389 Priority: 0 Weight: 0 2010/11/05 13:56:04| squid_kerb_ldap: Host: SUSE.HOME Port: -1 Priority: -2 Weight: -2 2010/11/05 13:56:04| squid_kerb_ldap: Setting up connection to ldap server opensuse11.suse.home:389
2010/11/05 13:56:04| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/05 13:56:04| squid_kerb_ldap: Successfully initialised connection to ldap server opensuse11.suse.home:389 2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path "" and filter: (objectclass=*) 2010/11/05 13:56:04| squid_kerb_ldap: Search ldap entries for attribute : schemaNamingContext 2010/11/05 13:56:04| squid_kerb_ldap: 0 ldap entries found with attribute : schemaNamingContext 2010/11/05 13:56:04| squid_kerb_ldap: Did not find ldap entry for subschemasubentry 2010/11/05 13:56:04| squid_kerb_ldap: Determined ldap server not as an Active Directory server 2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path dc=SUSE,dc=HOME and filter : (memberuid=markus)
2010/11/05 13:56:04| squid_kerb_ldap: Found 0 ldap entries
2010/11/05 13:56:04| squid_kerb_ldap: Search for primary group membership: "SOCKS_ALLOW" 2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path dc=SUSE,dc=HOME and filter: (uid=markus)
2010/11/05 13:56:04| squid_kerb_ldap: Found 1 ldap entry
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap entries for attribute : gidNumber 2010/11/05 13:56:04| squid_kerb_ldap: 1 ldap entry found with attribute : gidNumber 2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path dc=SUSE,dc=HOME and filter: (&(gidNumber=1000)(objectclass=posixgroup)) 2010/11/05 13:56:04| squid_kerb_ldap: Search ldap entries for attribute : cn 2010/11/05 13:56:04| squid_kerb_ldap: 1 ldap entry found with attribute : cn 2010/11/05 13:56:04| squid_kerb_ldap: "SOCKS_ALLOW" matches group name "SOCKS_ALLOW" 2010/11/05 13:56:04| squid_kerb_ldap: Users primary group matches SOCKS_ALLOW
2010/11/05 13:56:04| squid_kerb_ldap: Unbind ldap server
2010/11/05 13:56:04| squid_kerb_ldap: User markus is member of group@domain SOCKS_ALLOW@xxxxxxxxx
OK
2010/11/05 13:56:04| squid_kerb_ldap: OK

Markus
"Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> wrote in message news:ian1vr$bia$1@xxxxxxxxxxxxxxxxxx
Let me see if I can get a 8.0/7.x build. Does it compile AND work on 8.1 or do you still see the crash when reading the keytab ?

Markus

"Eugene M. Zheganin" <eugene@xxxxxxxxx> wrote in message news:4CCD5F0E.9080708@xxxxxxxxxxxx
 Hi.

On 30.10.2010 00:14, Markus Moeller wrote:
Hi,

I have now a 64bit freebsd box and can not replicate the error. Also the compile error I got where only a symbol problem dup in support_group and the sasl prototype error.

Yeah, I agree, on fresh 8.1 installation it does compile (with -Werror commented out).
On non-fresh 8.0/7.x it doesn't.

8.0 has heimdal 1.1.0 and 7.x has 0.6.3; however the symptoms are the same.

Is there something I can do to narrow the scope or the supposed decision is upgrade everywhere to 8.1 ?

Thanks.
Eugene.












[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux