Hi.

Lol, saw this message today while fighting exactly the same trouble. I guess Anton already resolved this situation, but for future reference I decided to leave a trail in the archives: this message can be caused (it is most probably caused by this, but still, there can be other reasons) by openldap-client being compiled without SASL. And this can happen if a portupgrade/portmaster has been used to install it, because the net/openldapXX-sasl-client port is sort of a holy grail for the portmaster tool and similar ones (this is a metaport, and after an option "[x] SASL" has been removed in the main port, this is now a total mess) - always been searched for, but never found.

On 24.11.2012 18:31, Markus Moeller wrote:
> Hi
>
> I assume you use openldap on your freebsd build. Can you try from
> the command line:
>
> # kinit -kt /usr/local/etc/HTTP.keytab
> HTTP/proxy.m-tisiz.local@M-TISIZ.LOCAL
> # ldapsearch -d 999 -H ldap://pollux.m-tisiz.local:389 -Y GSSAPI -O
> "maxssf=56" -b dc=M-TISIZ,dc=LOCAL -s sub "(samaccountname=antec)"
>
> and send me the output ?
>
> Regards
> Markus
>
>
> "Подшивалов Антон" <support@xxxxxxxxxxxxxxxxx> wrote in message
> news:95378ca7accc17ee30ecf07a71c9b6b2@xxxxxxxxxxxxxxxxx...
>> Hello!
>> I use:
>> proxy# uname -a
>> FreeBSD proxy.m-tisiz.local 8.3-RELEASE-p1 FreeBSD 8.3-RELEASE-p1 #0:
>> Wed May 23 22:56:59 MSK 2012
>> ant@freebsd.m-tisiz.local:/usr/obj/usr/src/sys/AnteC_kernel i386
>>
>> I try to authenticate squid user by Active Directory. But have some
>> error when use squid_kerb_ldap external helper:
>>
>> proxy# /usr/local/libexec/squid/squid_kerb_ldap -d -D M-TISIZ.LOCAL
>> -g inet_users@
>> 2012/11/23 16:04:20| squid_kerb_ldap: Starting version 1.2.2
>> 2012/11/23 16:04:20| squid_kerb_ldap: Group list inet_users@
>> 2012/11/23 16:04:20| squid_kerb_ldap: Group inet_users Domain
>> 2012/11/23 16:04:20| squid_kerb_ldap: Netbios list NULL
>> 2012/11/23 16:04:20| squid_kerb_ldap: No netbios names defined.
>> 2012/11/23 16:04:20| squid_kerb_ldap: ldap server list NULL
>> 2012/11/23 16:04:20| squid_kerb_ldap: No ldap servers defined.
>> antec
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec set default
>> domain: M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec Domain:
>> M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: User domain loop: group@domain
>> inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Default domain loop:
>> group@domain inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Found group@domain inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setup Kerberos credential cache
>> 2012/11/23 16:04:23| squid_kerb_ldap: Get default keytab file name
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got default keytab file name
>> /usr/local/etc/HTTP.keytab
>> 2012/11/23 16:04:23| squid_kerb_ldap: Get principal name from keytab
>> /usr/local/etc/HTTP.keytab
>> 2012/11/23 16:04:23| squid_kerb_ldap: Keytab entry has realm name:
>> M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Found principal name:
>> HTTP/proxy.m-tisiz.local@M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Set credential cache to
>> MEMORY:squid_ldap_16670
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got principal name
>> HTTP/proxy.m-tisiz.local@M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Stored credentials
>> 2012/11/23 16:04:23| squid_kerb_ldap: Initialise ldap connection
>> 2012/11/23 16:04:23| squid_kerb_ldap: Canonicalise ldap server name
>> for domain M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
>> _ldap._tcp.M-TISIZ.LOCAL record to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
>> _ldap._tcp.M-TISIZ.LOCAL record to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 1 of
>> M-TISIZ.LOCAL to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 2 of
>> M-TISIZ.LOCAL to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 3 of
>> M-TISIZ.LOCAL to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 4 of
>> M-TISIZ.LOCAL to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 5 of
>> M-TISIZ.LOCAL to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 6 of
>> M-TISIZ.LOCAL to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Adding M-TISIZ.LOCAL to list
>> 2012/11/23 16:04:23| squid_kerb_ldap: Sorted ldap server names for
>> domain M-TISIZ.LOCAL:
>> 2012/11/23 16:04:23| squid_kerb_ldap: Host: pollux.m-tisiz.local
>> Port: 389 Priority: 0 Weight: 100
>> 2012/11/23 16:04:23| squid_kerb_ldap: Host: altair.m-tisiz.local
>> Port: 389 Priority: 0 Weight: 100
>> 2012/11/23 16:04:23| squid_kerb_ldap: Host: M-TISIZ.LOCAL Port: -1
>> Priority: -2 Weight: -2
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
>> server pollux.m-tisiz.local:389
>> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
>> SASL/GSSAPI
>> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
>> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
>> server with SASL/GSSAPI: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
>> server altair.m-tisiz.local:389
>> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
>> SASL/GSSAPI
>> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
>> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
>> server with SASL/GSSAPI: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
>> server M-TISIZ.LOCAL:389
>> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
>> SASL/GSSAPI
>> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
>> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
>> server with SASL/GSSAPI: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of
>> ldap connection: No such file or directory
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of
>> ldap connection: No such file or directory
>> 2012/11/23 16:04:23| squid_kerb_ldap: User antec is not member of
>> group@domain inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Default group loop:
>> group@domain inet_users@
>> ERR
>>
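
Added example (not part of the original thread, and not squid_kerb_ldap's own code): a small triage of the helper's -d output that tells apart "every connection attempt failed at LDAP_OPT_X_SASL_SECPROPS", the pattern in the log above that the reply attributes to an openldap-client built without SASL, from ordinary bind failures. The names sample_log and triage, the verdict strings, and the rule itself are assumptions made for this example; input is assumed to have one log entry per line, with the mail wrapping undone.

```shell
#!/bin/sh
# Added example, not from the thread. Verdicts are a heuristic: the same
# option failure on every server points at the local client library,
# not at one particular LDAP server.

# Constructed sample, abridged from the log format quoted above.
sample_log() {
cat <<'EOF'
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server pollux.m-tisiz.local:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2012/11/23 16:04:23| squid_kerb_ldap: Could not set LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap server altair.m-tisiz.local:389
2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2012/11/23 16:04:23| squid_kerb_ldap: Could not set LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server
EOF
}

# triage: reads helper debug output on stdin, prints one verdict line.
#   client-sasl-suspect S/N  all N attempts failed at the SECPROPS option
#   mixed S/N                only S of N attempts failed at that option
#   bind-failure B/N         B binds failed, none at that option
#   no-attempts              no connection attempt found in the input
triage() {
  awk '
    /Setting up connection to ldap server/ { n++; cur = 1; hit = 0; next }
    /Could not set LDAP_OPT_X_SASL_SECPROPS/ {
      if (cur && !hit) { hit = 1; s++ }   # count once per attempt
      next
    }
    /Error while binding to ldap server/ {
      if (cur && !hit) b++                # bind failed without the option error
      cur = 0
    }
    END {
      if (n == 0)      print "no-attempts"
      else if (s == n) print "client-sasl-suspect " s "/" n
      else if (s > 0)  print "mixed " s "/" n
      else             print "bind-failure " (b + 0) "/" n
    }'
}

sample_log | triage
```
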