Hi there,
We would like to implement Squid instead of MS-ISA for our company,
for now the Squid server is running fine, however I'm having some
issues with getting AD authentication working.
I've set my eyes on squid_kerb_ldap to do the job, and if I run it
manually it works, however it takes a long time to get the result.
It appears that the helper is trying to (reverse)resolve all the LDAP servers.
For example:
I'll run this:
/usr/lib64/squid/squid_kerb_ldap -d -g "InternetGroup"@ -N
host/squidproxy001.realm.com@xxxxxxxxx -b "ou=LD,dc=ad,dc=min,dc=nl"
-D REALM.COM
It then gives this:
2011/03/02 17:09:15| squid_kerb_ldap: Starting version 1.2.1a
2011/03/02 17:09:15| squid_kerb_ldap: Group list InternetGroup@
2011/03/02 17:09:15| squid_kerb_ldap: Group InternetGroup Domain
2011/03/02 17:09:15| squid_kerb_ldap: Netbios list
host/squidproxy001.realm.com@xxxxxxxxx
2011/03/02 17:09:15| squid_kerb_ldap: Netbios name
host/squidproxy001.realm.com Domain REALM.COM
I then enter a username which belongs to that Group.
normaluser
Then it continues with the following:
2011/03/02 17:09:18| squid_kerb_ldap: Got User: normaluser set default
domain: REALM.COM
2011/03/02 17:09:18| squid_kerb_ldap: Got User: normaluser Domain: REALM.COM
2011/03/02 17:09:18| squid_kerb_ldap: User domain loop: group@domain
InternetGroup@
2011/03/02 17:09:18| squid_kerb_ldap: Default domain loop:
group@domain InternetGroup@
2011/03/02 17:09:18| squid_kerb_ldap: Found group@domain InternetGroup@
2011/03/02 17:09:18| squid_kerb_ldap: Setup Kerberos credential cache
2011/03/02 17:09:18| squid_kerb_ldap: Get default keytab file name
2011/03/02 17:09:18| squid_kerb_ldap: Got default keytab file name
/etc/squid/squid.keytab
2011/03/02 17:09:18| squid_kerb_ldap: Get principal name from keytab
/etc/squid/squid.keytab
2011/03/02 17:09:18| squid_kerb_ldap: Keytab entry has realm name: REALM.COM
2011/03/02 17:09:18| squid_kerb_ldap: Found principal name:
host/squidproxy001.realm.com@xxxxxxxxx
2011/03/02 17:09:18| squid_kerb_ldap: Set credential cache to
MEMORY:squid_ldap_9552
2011/03/02 17:09:18| squid_kerb_ldap: Got principal name
host/squidproxy001.realm.com@xxxxxxxxx
2011/03/02 17:09:19| squid_kerb_ldap: Stored credentials
2011/03/02 17:09:19| squid_kerb_ldap: Initialise ldap connection
2011/03/02 17:09:19| squid_kerb_ldap: Canonicalise ldap server name
for domain REALM.COM
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl446.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl331.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl329.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl327.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl325.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl473.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl323.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl417.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl456.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl467.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl416.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl443.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl371.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl407.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl444.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl317.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl437.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl453.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl391.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl389.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl408.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl478.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl438.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl474.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl359.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl472.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl314.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl334.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl315.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl318.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl479.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl406.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl399.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl486.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl321.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl481.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl482.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl484.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl319.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl410.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl332.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl330.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl380.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl382.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl313.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl483.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl322.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl454.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl457.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl477.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl312.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl352.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl387.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl445.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl328.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl358.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl374.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl424.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl350.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl311.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl384.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl381.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl369.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl436.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl333.realm.com
2011/03/02 17:09:19| squid_kerb_ldap: Resolved SRV
_ldap._tcp.REALM.COM record to domctrl335.realm.com
2011/03/02 17:09:42| squid_kerb_ldap: Error while resolving ip address
with getnameinfo: Temporary failure in name resolution
2011/03/02 17:09:42| squid_kerb_ldap: Sorted ldap server names for
domain REALM.COM:
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl331.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl329.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl327.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl325.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl473.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl323.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl417.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl456.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl467.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl416.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl443.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl371.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl407.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl444.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl317.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl437.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl453.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl391.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl389.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl408.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl478.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl438.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl474.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl359.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl472.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl314.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl334.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl315.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl318.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl479.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl406.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl399.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl486.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl321.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl481.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl482.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl484.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl319.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl410.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl332.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl330.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl380.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl382.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl313.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl483.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl322.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl454.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl457.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl477.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl312.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl352.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl387.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl445.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl328.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl358.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl374.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl424.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl350.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl311.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl384.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl381.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl369.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl436.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl333.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl446.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Host: domctrl335.realm.com Port:
389 Priority: 0 Weight: 100
2011/03/02 17:09:42| squid_kerb_ldap: Setting up connection to ldap
server domctrl331.realm.com:389
2011/03/02 17:09:42| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:10:05| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:10:05| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:10:05| squid_kerb_ldap: Setting up connection to ldap
server domctrl329.realm.com:389
2011/03/02 17:10:05| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:10:28| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:10:28| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:10:28| squid_kerb_ldap: Setting up connection to ldap
server domctrl327.realm.com:389
2011/03/02 17:10:28| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:10:51| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:10:51| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:10:51| squid_kerb_ldap: Setting up connection to ldap
server domctrl325.realm.com:389
2011/03/02 17:10:51| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:14| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:14| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:14| squid_kerb_ldap: Setting up connection to ldap
server domctrl473.realm.com:389
2011/03/02 17:11:14| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:14| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:14| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:14| squid_kerb_ldap: Setting up connection to ldap
server domctrl323.realm.com:389
2011/03/02 17:11:14| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:14| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:14| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:14| squid_kerb_ldap: Setting up connection to ldap
server domctrl417.realm.com:389
2011/03/02 17:11:14| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:37| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Setting up connection to ldap
server domctrl456.realm.com:389
2011/03/02 17:11:37| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:37| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Setting up connection to ldap
server domctrl467.realm.com:389
2011/03/02 17:11:37| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:37| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Setting up connection to ldap
server domctrl416.realm.com:389
2011/03/02 17:11:37| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:37| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Setting up connection to ldap
server domctrl443.realm.com:389
2011/03/02 17:11:37| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:11:37| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:11:37| squid_kerb_ldap: Setting up connection to ldap
server domctrl371.realm.com:389
2011/03/02 17:11:37| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:12:00| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:12:00| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:12:00| squid_kerb_ldap: Setting up connection to ldap
server domctrl407.realm.com:389
2011/03/02 17:12:00| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:12:23| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:12:23| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:12:23| squid_kerb_ldap: Setting up connection to ldap
server domctrl444.realm.com:389
2011/03/02 17:12:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:12:23| squid_kerb_ldap: ldap_sasl_interactive_bind_s
error: Local error
2011/03/02 17:12:23| squid_kerb_ldap: Error while binding to ldap
server with SASL/GSSAPI: Local error
2011/03/02 17:12:23| squid_kerb_ldap: Setting up connection to ldap
server domctrl317.realm.com:389
2011/03/02 17:12:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2011/03/02 17:12:23| squid_kerb_ldap: Successfully initialised
connection to ldap server domctrl317.realm.com:389
2011/03/02 17:12:23| squid_kerb_ldap: Search ldap server with bind
path "" and filter: (objectclass=*)
2011/03/02 17:12:23| squid_kerb_ldap: Search ldap entries for
attribute : schemaNamingContext
2011/03/02 17:12:23| squid_kerb_ldap: 1 ldap entry found with
attribute : schemaNamingContext
2011/03/02 17:12:23| squid_kerb_ldap: Search ldap server with bind
path CN=Schema,CN=Configuration,DC=forest,DC=domain,DC=nl and filter:
(ldapdisplayname=samaccountname)
2011/03/02 17:12:23| squid_kerb_ldap: Found 1 ldap entry
2011/03/02 17:12:23| squid_kerb_ldap: Determined ldap server as an
Active Directory server
2011/03/02 17:12:23| squid_kerb_ldap: Search ldap server with bind
path dc=DOMAIN,dc=MIN,dc=NL and filter : (samaccountname=normaluser)
2011/03/02 17:12:23| squid_kerb_ldap: Found 1 ldap entry
2011/03/02 17:12:23| squid_kerb_ldap: Search ldap entries for
attribute : memberof
2011/03/02 17:12:23| squid_kerb_ldap: 16 ldap entries found with
attribute : memberof
2011/03/02 17:12:23| squid_kerb_ldap: Entry 1 "InternetGroup" in hex
UTF-8 is 474f555052656769656b616d6572
2011/03/02 17:12:23| squid_kerb_ldap: Unbind ldap server
2011/03/02 17:12:23| squid_kerb_ldap: User normaluser is member of
group@domain InternetGroup@
OK
2011/03/02 17:12:23| squid_kerb_ldap: OK
So the setup is working, but due to the fact that everything is
resolved it takes a lot of time, not something you want in a
production environment.
Is there a way I can force the helper to use just one domain
controller? Perhaps there are other helpers that can do this, but I
only found this one...
Once this is fixed, I can add this to the squid.conf, and it should work.
Apparently not all the domain controllers have a reverse resolving
address. (I'm guessing that the "Networks Department" has forgotten to
put that one in once in a while).
My krb5.conf file looks like this:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = REALM.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
REALM.COM = {
kdc = 10.20.152.30:88
admin_server = 10.20.32.13:749
default_domain = realm.com
}
[domain_realm]
.realm.com = REALM.COM
realm.com = REALM.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
validate = true
}
I can log in using ldap authentication via ssh, thus the machine is
fully integrated in AD.
Backrgound info:
RHEL6 - 2.6.32-71.el6.x86_64
squid.x86_64 - 7:3.1.4-1.el6
squid_kerb_ldap.x86_64 - 1.2.1a-1.fc13
Thanks in advance.
Essad Korkic
