
Re: ext_kerberos_ldap_group_acl problem (Solved for me for now)


 



Ok, found it.

 

So, a summary for Squid 3.5.19 + Samba 4.4.5, Kerberos auth and Kerberos groups on Debian Jessie.

 

By default the package libsasl2-modules-gssapi-mit was not installed.

So I installed it: apt-get install libsasl2-modules-gssapi-mit

I always install with --no-install-recommends; here I missed this package.

After installing, it works fine, at least ...

 

This works (SASL/GSSAPI over port 389):

/usr/lib/squid3/ext_kerberos_ldap_group_acl -g group-mail@REALM  -D REALM  -N group-mail@REALM

 

But with SSL enabled ...

SASL/GSSAPI over port 636 (ldaps)

/usr/lib/squid3/ext_kerberos_ldap_group_acl -g group-mail@REALM  -D REALM  -N group-mail@REALM -s

Or ...

SASL/GSSAPI over port 636 (ldaps) without cert checks.

/usr/lib/squid3/ext_kerberos_ldap_group_acl -g group-mail@REALM  -D REALM  -N group-mail@REALM -s -a

 

And I also tried adding this to /etc/default/squid:

TLS_CACERTFILE=/etc/ssl/certs/ca-certificates.crt

export TLS_CACERTFILE

 

And adding the _ldaps._tcp records to the samba4/bind_dlz DNS didn't help.

(samba-tool dns add ADDC.FQDN REALM _ldaps._tcp SRV  'host.internal.domain.tld 636 0 100')

 

The log part of the remaining errors:

But no need to fix this for me; I'm putting this here so people can find it as a reference.

 

DEBUG: Set SSL defaults

DEBUG: Disable server certificate check for ldap server.

ERROR: Error while setting start_tls for ldap server: Operations error

DEBUG: Bind to ldap server with SASL/GSSAPI

ERROR: ldap_sasl_interactive_bind_s error: Strong(er) authentication required

ERROR: Error while binding to ldap server with SASL/GSSAPI: Strong(er) authentication required

DEBUG: Setting up connection to ldap server hostname.internal.domain.tld:636

DEBUG: Set SSL defaults

DEBUG: Disable server certificate check for ldap server.

ERROR: Error while setting start_tls for ldap server: Operations error

DEBUG: Bind to ldap server with SASL/GSSAPI

ERROR: ldap_sasl_interactive_bind_s error: Strong(er) authentication required

 

And if someone finds the solution for the above, it would be nice to report it here.

 

 

Greetz,

 

Louis

 

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
