What Amos is saying and: Try.

Remove this line from krb5.conf

    default_keytab_name = /etc/squid3/PROXY.keytab

and add/create: /etc/default/squid

    KRB5_KTNAME=/etc/squid3/PROXY.keytab
    export KRB5_KTNAME

    chown root:proxy /etc/squid3/PROXY.keytab
    chmod 440 /etc/squid3/PROXY.keytab

Greetz,

Louis

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On behalf of Alessandro Sironi

Hello everyone

I'm a newbie regarding SQUID and in general on Linux.

I have an Active Directory environment (Windows Server 2012 R2) and a Linux Debian 8 Jessie configured in the same network.

My goal is to install SQUID on Debian, integrate with Active Directory using Kerberos and authorise users to use SQUID based on Active Directory a security group membership lookup.

Long story short, I followed the instructions here
http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy#Configure_Squid

My test environment:

    Active Directory domain: KIDANEMEHRET.LOCAL
    test user: KIDANEMEHRET\test-full
    Security groups which is member of: "Internet Users Full", "Internet Users Standard"

Test done

After having properly configured my test client (Windows 7 joined to the domain), logged on with the test user KIDANEMEHRET\test-full, configured Internet Explorer to use the proxy, what I get every time I try to browse the internet is a SQUID page telling me Access Denied.

Quick Analysis

Having a look at access.log and cache.log (see attached), I understand that user is properly authenticated (I see KIDANEMEHRET\test-full properly written in each log).

For this reason I suspect the problem is in the authorisation part.

I try then to run from terminal the program used in SQUID.CONF to check authorisation (based on the wiki too); note that I'm running with sudo otherwise with standard user I get no access to password file:

    sudo /usr/lib/squid3/ext_ldap_group_acl -R -K -S \
        -b "dc=kidanemehret,dc=local" \
        -D squid@kidanemehret.local \
        -W /etc/squid3/ldappass.txt \
        -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=Service Accounts,ou=USR,dc=kidanemehret,dc=local))" \
        -h domcon.kidanemehret.local test-full Internet%20Users%20Full

Do not get any result: waiting for minutes...

Try to use KIDANEMEHRET\test-full instead of test-full without success.

Most likely the problem is here.

Do you have any suggestion on how to proceed next?

Here you can find ACCESS.LOG, CACHE.LOG, KRB5.CONF and SQUID.CONF

Thanks in advance

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
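
An added example, not part of the original thread: a POSIX shell audit of the three settings from Louis's reply (keytab owner, group and mode 440; KRB5_KTNAME set and exported in /etc/default/squid; no default_keytab_name left in krb5.conf). The function names are made up for illustration, GNU stat (as on Debian) is assumed, and the defaults file is sourced in a subshell to see what a child process would inherit.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, with the paths from the reply:
#   sudo sh audit.sh /etc/squid3/PROXY.keytab /etc/default/squid /etc/krb5.conf root proxy

# keytab_ok FILE OWNER GROUP MODE -> 0 when owner, group and octal mode all match.
keytab_ok() {
    [ -f "$1" ] || return 2
    actual=$(stat -c '%U:%G:%a' "$1") || return 2   # GNU stat format (assumption)
    [ "$actual" = "$2:$3:$4" ]
}

# ktname_exported DEFAULTS KEYTAB -> 0 when sourcing DEFAULTS leaves
# KRB5_KTNAME=KEYTAB visible to a child process (set AND exported).
ktname_exported() {
    ( unset KRB5_KTNAME
      . "$1" >/dev/null 2>&1 || exit 2
      [ "$(sh -c 'printf %s "$KRB5_KTNAME"')" = "$2" ] )
}

# no_default_keytab KRB5CONF -> 0 when no active (uncommented)
# default_keytab_name line remains in the file.
no_default_keytab() {
    [ -r "$1" ] || return 2
    ! grep -Eq '^[[:space:]]*default_keytab_name[[:space:]]*=' "$1"
}

# audit KEYTAB DEFAULTS KRB5CONF OWNER GROUP -> 0 only when all three checks pass.
audit() {
    rc=0
    keytab_ok "$1" "$4" "$5" 440 ||
        { echo "FAIL: $1 is not $4:$5 with mode 440"; rc=1; }
    ktname_exported "$2" "$1" ||
        { echo "FAIL: $2 does not export KRB5_KTNAME=$1"; rc=1; }
    no_default_keytab "$3" ||
        { echo "FAIL: $3 still sets default_keytab_name"; rc=1; }
    return "$rc"
}

# Run only when all five arguments are supplied.
[ "$#" -ne 5 ] || audit "$@"
```

Mode 440 with group proxy lets the Squid helper read the keytab while keeping it unreadable to other local accounts; a FAIL on the first check means either the helper cannot read it or too many users can.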