Hi.
On 05.11.2010 21:01, Markus Moeller wrote:
Hi
I get the same successful results on 64 bit FreeBSD 8.0.
$ uname -a
FreeBSD freebsd-80-64.freebsd.home 8.0-RELEASE FreeBSD 8.0-RELEASE #0:
Sat Nov 21 15:02:08 UTC 2009
root@xxxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/GENERIC amd64
$ ldd squid_kerb_ldap
squid_kerb_ldap:
libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800652000)
libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x80075b000)
libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x800860000)
libhx509.so.10 => /usr/lib/libhx509.so.10 (0x8009cd000)
libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x800b0c000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x800c0e000)
libasn1.so.10 => /usr/lib/libasn1.so.10 (0x800ea6000)
libroken.so.10 => /usr/lib/libroken.so.10 (0x801025000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x801136000)
libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x80124f000)
liblber-2.4.so.7 => /usr/local/lib/liblber-2.4.so.7 (0x801390000)
libc.so.7 => /lib/libc.so.7 (0x80149d000)
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x8016d7000)
libssl.so.6 => /usr/lib/libssl.so.6 (0x8017ef000)
Is it possible that you have another Kerberos package installed? How
does your ldd look? I installed a standard FreeBSD 8.0 64 bit plus
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/8.0-RELEASE/packages/net/openldap-sasl-client-2.4.18.tbz
for LDAP with SASL support.
First of all, sorry for the delayed answer. I'm not one of those people
who ask for help and never read the answers. I had a couple of harsh weeks
with crashes and working late. :)
Yes, I have multiple krb5 installations on the machines where the build
didn't succeed due to incompatible types, you were right. Also, I have
updated the production proxy that was on FreeBSD 7.2 to 8.1 (and had a
harsh week due to a wonderful em(4) issue, fixed in -STABLE), but now the
build on this machine is fine, except for one warning that can be easily
fixed by removing -Werror (once again, why -Werror?).
If you're interested, the warning is about:
[...]
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
-Wno-unknown-pragmas -Wextra -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings
-Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement
-Wshadow -MT support_group.o -MD -MP -MF .deps/support_group.Tpo -c -o
support_group.o support_group.c
support_group.c: In function 'utf8dup':
support_group.c:43: warning: declaration of 'dup' shadows a global
declaration
/usr/include/unistd.h:330: warning: shadowed declaration is here
[...]
So, the build succeeds and the helper doesn't crash on startup, but now I
have problems connecting to the LDAP servers.
I saw in your reply that you are using the KDC on SuSE Linux. I'm using
a KDC on Windows 2003/2008, and it works just perfectly with
squid_ldap_group (but I really miss nested groups :)).
The debug output looks like:
===Cut===
# ./squid_kerb_group.sh
2010/11/13 14:26:21| squid_kerb_ldap: Starting version 1.2.1a
2010/11/13 14:26:21| squid_kerb_ldap: Group list
Internet%20Users%20-%20Proxy1@
2010/11/13 14:26:21| squid_kerb_ldap: Group Internet%20Users%20-%20Proxy1
Domain
2010/11/13 14:26:21| squid_kerb_ldap: Netbios list SOFTLAB@xxxxxxxxx
2010/11/13 14:26:21| squid_kerb_ldap: Netbios name SOFTLAB Domain
NORMA.COM
emz@xxxxxxxxx
2010/11/13 14:26:25| squid_kerb_ldap: Got User: emz Domain: NORMA.COM
2010/11/13 14:26:25| squid_kerb_ldap: User domain loop: group@domain
Internet%20Users%20-%20Proxy1@
2010/11/13 14:26:25| squid_kerb_ldap: Default domain loop: group@domain
Internet%20Users%20-%20Proxy1@
2010/11/13 14:26:25| squid_kerb_ldap: Found group@domain
Internet%20Users%20-%20Proxy1@
2010/11/13 14:26:25| squid_kerb_ldap: Setup Kerberos credential cache
2010/11/13 14:26:25| squid_kerb_ldap: Get default keytab file name
2010/11/13 14:26:25| squid_kerb_ldap: Got default keytab file name
/usr/local/etc/squid/HTTP.keytab
2010/11/13 14:26:25| squid_kerb_ldap: Get principal name from keytab
/usr/local/etc/squid/HTTP.keytab
2010/11/13 14:26:25| squid_kerb_ldap: Keytab entry has realm name:
NORMA.COM
2010/11/13 14:26:25| squid_kerb_ldap: Found principal name:
HTTP/proxy-wizard.norma.com.@xxxxxxxxx
2010/11/13 14:26:25| squid_kerb_ldap: Set credential cache to
MEMORY:squid_ldap_17129
2010/11/13 14:26:25| squid_kerb_ldap: Got principal name
HTTP/proxy-wizard.norma.com.@xxxxxxxxx
2010/11/13 14:26:26| squid_kerb_ldap: Stored credentials
2010/11/13 14:26:26| squid_kerb_ldap: Initialise ldap connection
2010/11/13 14:26:26| squid_kerb_ldap: Canonicalise ldap server name for
domain NORMA.COM
2010/11/13 14:26:26| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM
record to spb-dc.norma.com
2010/11/13 14:26:26| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM
record to sad-srv.norma.com
2010/11/13 14:26:26| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM
record to hq-gc.norma.com
2010/11/13 14:26:26| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM
record to hq-dc.norma.com
2010/11/13 14:26:26| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM
record to nb-dc.norma.com
2010/11/13 14:26:26| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM
record to sam-dc.norma.com
2010/11/13 14:26:26| squid_kerb_ldap: Resolved address 1 of NORMA.COM to
192.168.3.34
2010/11/13 14:26:26| squid_kerb_ldap: Resolved address 2 of NORMA.COM to
192.168.3.45
2010/11/13 14:26:26| squid_kerb_ldap: Resolved address 3 of NORMA.COM to
192.168.3.34
2010/11/13 14:26:26| squid_kerb_ldap: Resolved address 4 of NORMA.COM to
192.168.3.45
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 5 of NORMA.COM to
192.168.3.34
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 6 of NORMA.COM to
192.168.3.45
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 7 of NORMA.COM to
192.168.92.189
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 8 of NORMA.COM to
192.168.92.189
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 9 of NORMA.COM to
192.168.92.189
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 10 of NORMA.COM to
192.168.0.9
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 11 of NORMA.COM to
192.168.173.3
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 12 of NORMA.COM to
192.168.180.3
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 13 of NORMA.COM to
192.168.0.9
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 14 of NORMA.COM to
192.168.173.3
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 15 of NORMA.COM to
192.168.180.3
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 16 of NORMA.COM to
192.168.0.9
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 17 of NORMA.COM to
192.168.173.3
2010/11/13 14:26:27| squid_kerb_ldap: Resolved address 18 of NORMA.COM to
192.168.180.3
2010/11/13 14:26:27| squid_kerb_ldap: Sorted ldap server names for domain
NORMA.COM:
2010/11/13 14:26:27| squid_kerb_ldap: Host: sad-srv.norma.com Port: 389
Priority: 0 Weight: 100
2010/11/13 14:26:27| squid_kerb_ldap: Host: hq-gc.norma.com Port: 389
Priority: 0 Weight: 100
2010/11/13 14:26:27| squid_kerb_ldap: Host: hq-dc.norma.com Port: 389
Priority: 0 Weight: 100
2010/11/13 14:26:27| squid_kerb_ldap: Host: nb-dc.norma.com Port: 389
Priority: 0 Weight: 100
2010/11/13 14:26:27| squid_kerb_ldap: Host: sam-dc.norma.com Port: 389
Priority: 0 Weight: 100
2010/11/13 14:26:27| squid_kerb_ldap: Host: spb-dc.norma.com Port: 389
Priority: 0 Weight: 100
2010/11/13 14:26:27| squid_kerb_ldap: Host: 192.168.92.189 Port: -1
Priority: -1 Weight: -1
2010/11/13 14:26:27| squid_kerb_ldap: Host: 192.168.0.9 Port: -1
Priority: -1 Weight: -1
2010/11/13 14:26:27| squid_kerb_ldap: Host: 192.168.173.3 Port: -1
Priority: -1 Weight: -1
2010/11/13 14:26:27| squid_kerb_ldap: Host: 192.168.3.34 Port: -1
Priority: -1 Weight: -1
2010/11/13 14:26:27| squid_kerb_ldap: Host: 192.168.3.45 Port: -1
Priority: -1 Weight: -1
2010/11/13 14:26:27| squid_kerb_ldap: Host: 192.168.180.3 Port: -1
Priority: -1 Weight: -1
2010/11/13 14:26:27| squid_kerb_ldap: Setting up connection to ldap server
sad-srv.norma.com:389
2010/11/13 14:26:27| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:28| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:28| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:28| squid_kerb_ldap: Setting up connection to ldap server
hq-gc.norma.com:389
2010/11/13 14:26:28| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:29| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:29| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:29| squid_kerb_ldap: Setting up connection to ldap server
hq-dc.norma.com:389
2010/11/13 14:26:29| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:29| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:29| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:29| squid_kerb_ldap: Setting up connection to ldap server
nb-dc.norma.com:389
2010/11/13 14:26:29| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:29| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:29| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:29| squid_kerb_ldap: Setting up connection to ldap server
sam-dc.norma.com:389
2010/11/13 14:26:29| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:30| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:30| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:30| squid_kerb_ldap: Setting up connection to ldap server
spb-dc.norma.com:389
2010/11/13 14:26:30| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:30| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:30| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:30| squid_kerb_ldap: Setting up connection to ldap server
192.168.92.189:389
2010/11/13 14:26:30| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:31| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:31| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:31| squid_kerb_ldap: Setting up connection to ldap server
192.168.0.9:389
2010/11/13 14:26:31| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:31| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:31| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:31| squid_kerb_ldap: Setting up connection to ldap server
192.168.173.3:389
2010/11/13 14:26:31| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:32| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:32| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:32| squid_kerb_ldap: Setting up connection to ldap server
192.168.3.34:389
2010/11/13 14:26:32| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:32| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:32| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:32| squid_kerb_ldap: Setting up connection to ldap server
192.168.3.45:389
2010/11/13 14:26:32| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:33| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:33| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:33| squid_kerb_ldap: Setting up connection to ldap server
192.168.180.3:389
2010/11/13 14:26:33| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:33| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:33| squid_kerb_ldap: Error while binding to ldap server
with SASL/GSSAPI: Local error
2010/11/13 14:26:33| squid_kerb_ldap: Error during initialisation of ldap
connection: Bad file descriptor
2010/11/13 14:26:33| squid_kerb_ldap: Error during initialisation of ldap
connection: Bad file descriptor
2010/11/13 14:26:33| squid_kerb_ldap: User emz is not member of
group@domain Internet%20Users%20-%20Proxy1@
2010/11/13 14:26:33| squid_kerb_ldap: Default group loop: group@domain
Internet%20Users%20-%20Proxy1@
ERR
2010/11/13 14:26:33| squid_kerb_ldap: ERR
===Cut===
I'm using openldap-client built with SASL support too.
Any thoughts on what I'm doing wrong?
Thanks.
Eugene.
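
Added example, not part of the original message or of squid_kerb_ldap: a Python parser that rejoins the mail-wrapped debug lines shown above and reports the SASL/GSSAPI bind result per LDAP server, so a failure that is identical for every server (by name and by address) stands out. The sample input is constructed in the format of the log in the message; the function names are hypothetical.

```python
import re

# Constructed sample in the format of the debug output above, including the
# continuation lines produced by mail wrapping.
SAMPLE = """\
2010/11/13 14:26:27| squid_kerb_ldap: Setting up connection to ldap server
sad-srv.norma.com:389
2010/11/13 14:26:27| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:28| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
2010/11/13 14:26:30| squid_kerb_ldap: Setting up connection to ldap server
192.168.92.189:389
2010/11/13 14:26:30| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/13 14:26:31| squid_kerb_ldap: ldap_sasl_interactive_bind_s error:
Local error
"""

STAMP = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\| squid_kerb_ldap: ")
CONNECT = re.compile(r"Setting up connection to ldap server (\S+):(\d+)$")
BIND_ERR = re.compile(r"ldap_sasl_interactive_bind_s error: (.+)$")

def unwrap(text):
    """Rejoin lines without a timestamp prefix onto the preceding record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(STAMP.sub("", line).strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def bind_outcomes(text):
    """Map each attempted server to its bind error text (None if none logged)."""
    outcomes, current = {}, None
    for rec in unwrap(text):
        m = CONNECT.search(rec)
        if m:
            current = m.group(1)
            outcomes[current] = None
            continue
        m = BIND_ERR.search(rec)
        if m and current:
            outcomes[current] = m.group(1)
    return outcomes

def all_failed_same_way(outcomes):
    """True when every attempted server logged the same bind error."""
    errors = set(outcomes.values())
    return bool(outcomes) and len(errors) == 1 and None not in errors
```
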