Hi. yes, i see this now. it's strange... authentication is working fine... i can surf the web... but im having some error in cache.log... tail -f /var/log/squid/cache.log 2016/09/29 15:43:37 kid1| Adding nameserver 192.168.1.10 from squid.conf 2016/09/29 15:43:37 kid1| Adding nameserver 192.168.1.6 from squid.conf 2016/09/29 15:43:37 kid1| helperOpenServers: Starting 5/32 'ssl_crtd' processes 2016/09/29 15:43:37 kid1| helperOpenServers: Starting 0/10 'negotiate_kerberos_auth' processes 2016/09/29 15:43:37 kid1| helperStatefulOpenServers: No 'negotiate_kerberos_auth' processes needed. 2016/09/29 15:43:37 kid1| helperOpenServers: Starting 5/5 'ext_kerberos_ldap_group_acl' processes 2016/09/29 15:43:38 kid1| helperOpenServers: Starting 5/5 'ext_kerberos_ldap_group_acl' processes 2016/09/29 15:43:38 kid1| HTCP Disabled. 2016/09/29 15:43:38 kid1| Finished loading MIME types and icons. 2016/09/29 15:43:38 kid1| Accepting SSL bumped HTTP Socket connections at local=192.168.1.12:3128 remote=[::] FD 49 flags=9 2016/09/29 15:44:15 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:15 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes support_krb5.cc(64): pid=11755 :2016/09/29 15:44:15| kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed support_krb5.cc(64): pid=11755 :2016/09/29 15:44:15| kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed support_krb5.cc(64): pid=11755 :2016/09/29 15:44:15| kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed 2016/09/29 15:44:27 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:27 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes 2016/09/29 15:44:27 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:27 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes 2016/09/29 15:44:27 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:27 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes 2016/09/29 15:44:27 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:27 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes 2016/09/29 15:44:27 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:27 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes 2016/09/29 15:44:27 kid1| Starting new negotiateauthenticator helpers... 2016/09/29 15:44:27 kid1| helperOpenServers: Starting 1/10 'negotiate_kerberos_auth' processes support_krb5.cc(64): pid=11760 :2016/09/29 15:45:03| kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed support_krb5.cc(64): pid=11760 :2016/09/29 15:45:03| kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed support_krb5.cc(64): pid=11760 :2016/09/29 15:45:03| kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed This is access.log 1475174886.981 23 192.168.1.121 TCP_MEM_HIT/200 3993 GET http://images.clarin.com/deportes/Boca-Lanus_CLAVID20160928_0082_32.jpg user1@xxxxxxxxxxx HIER_NONE/- image/jpeg 1475174886.994 41 192.168.1.121 TCP_MEM_HIT/200 4601 GET http://images.clarin.com/deportes/penales-dieron-triunfo-Boca_CLAVID20160928_0085_32.jpg user1@xxxxxxxxxxx HIER_NONE/- image/jpeg 1475174887.124 148 192.168.1.121 TCP_MISS/200 19321 GET http://images.clarin.com/politica/Bonafini-Cesar-Milani-Asociacon-Madres_CLAIMA20160622_0266_47.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174887.139 182 192.168.1.121 TCP_MISS/200 4389 GET http://images.clarin.com/extrashow/Cristian-Castro-winner_CLAVID20160929_0011_32.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174887.280 288 192.168.1.121 TCP_MISS/200 20143 GET http://images.clarin.com/politica/Macri-Tecnopolis-presentar-proyectos-emprendedores_CLAIMA20160821_0007_44.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174887.340 163 192.168.1.121 TCP_MISS/200 5715 GET http://images.clarin.com/mundo/herida-choque-Nueva-Jersey-AFP_CLAIMA20160929_0106_44.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174887.369 411 192.168.1.121 TCP_MISS/200 29566 GET http://images.clarin.com/policiales/jefatura-departamental-frente-edificios-publicos_CLAIMA20160408_0426_50.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174887.388 95 192.168.1.121 TCP_MISS/200 5185 GET http://images.clarin.com/mundo/Hoboken-edificios-Nueva-York-AP_CLAIMA20160929_0127_45.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174888.099 1141 192.168.1.121 TCP_MISS/200 20771 GET http://images.clarin.com/politica/Reunion-CGT-Gobierno-Foto-DyN_CLAIMA20160929_0102_43.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174888.099 963 192.168.1.121 TCP_MISS/200 4238 GET http://images.clarin.com/politica/Sanfelice-Cristobal-Kirchner-Gallegos-OPI_CLAIMA20160211_0039_49.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174888.099 682 192.168.1.121 TCP_MISS/200 5958 GET http://images.clarin.com/politica/Camano-Diputados-Guillermo-Rodriguez-Adami_CLAIMA20160929_0033_44.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174888.099 722 192.168.1.121 TCP_MISS/200 16558 GET http://images.clarin.com/politica/Amado-Boudou-clase-magistral-Plata_CLAIMA20160929_0153_43.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174888.099 1141 192.168.1.121 TCP_MISS/200 16419 GET http://www.googletagmanager.com/gtm.js? user1@xxxxxxxxxxx HIER_DIRECT/216.58.222.136 application/javascript 1475174888.099 740 192.168.1.121 TCP_MISS/200 25190 GET http://images.clarin.com/mundo/Nueva-Jersey-Tren-estacion-AFP_CLAIMA20160929_0074_46.jpg user1@xxxxxxxxxxx HIER_DIRECT/200.42.136.212 image/jpeg 1475174888.247 0 192.168.1.121 TCP_DENIED/407 4159 CONNECT connect.facebook.net:443 - HIER_NONE/- text/html 1475174888.247 0 192.168.1.121 TCP_DENIED/403 4347 GET http://www.googleadservices.com/pagead/conversion_async.js - HIER_NONE/- text/html 1475174888.333 2428 192.168.1.121 TCP_MISS/200 46659 GET https://cdns.gigya.com/JS/socialize.js? user1@xxxxxxxxxxx HIER_DIRECT/23.7.114.199 text/javascript 1475174888.461 0 192.168.1.121 TCP_DENIED/407 4135 CONNECT api.cxense.com:443 - HIER_NONE/- text/html 1475174888.462 0 192.168.1.121 TCP_DENIED/407 4798 GET http://fonts.gstatic.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOFtXRa8TVwTICgirnJhmVJw.woff2 - HIER_NONE/- text/html 1475174888.462 1 192.168.1.121 TCP_MEM_HIT/200 20022 GET http://www.clarin.com/static/CLAClarinV3/images/spriteHeaderFooter.png user1@xxxxxxxxxxx HIER_NONE/- image/png 1475174888.475 6 192.168.1.121 TCP_HIT/200 15166 GET http://fonts.gstatic.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOFtXRa8TVwTICgirnJhmVJw.woff2 user1@xxxxxxxxxxx HIER_NONE/- font/woff2 1475174888.514 0 192.168.1.121 TCP_DENIED/407 4135 CONNECT cdns.gigya.com:443 - HIER_NONE/- text/html 1475174888.551 0 192.168.1.121 TCP_MEM_HIT/200 1555 GET http://www.clarin.com/static/CLAClarinV3/images/nav-buscador.png user1@xxxxxxxxxxx HIER_NONE/- image/png 1475174888.554 0 192.168.1.121 TCP_MEM_HIT/200 1623 GET http://www.clarin.com/static/CLAClarinV3/images/nav-str.png user1@xxxxxxxxxxx HIER_NONE/- image/png 1475174888.604 0 192.168.1.121 TCP_DENIED/407 4810 GET http://fonts.gstatic.com/s/droidserif/v6/QQt14e8dY39u-eYBZmppwYlIZu-HDpmDIZMigmsroc4.woff2 - HIER_NONE/- text/html 1475174888.611 0 192.168.1.121 TCP_MEM_HIT/200 764 GET http://www.clarin.com/static/CLAClarinV3/images/flash-list.png user1@xxxxxxxxxxx HIER_NONE/- image/png 1475174888.613 7 192.168.1.121 TCP_HIT/200 26762 GET http://fonts.gstatic.com/s/droidserif/v6/QQt14e8dY39u-eYBZmppwYlIZu-HDpmDIZMigmsroc4.woff2 user1@xxxxxxxxxxx HIER_NONE/- font/woff2 1475174888.615 0 192.168.1.121 TCP_MEM_HIT/200 20344 GET http://www.clarin.com/static/CLAClarinV3/images/spriteNoticias.png user1@xxxxxxxxxxx HIER_NONE/- image/png 1475174888.686 0 192.168.1.121 TCP_HIT/200 706 GET http://www.clarin.com/static/CLAClarinV3/images/colR.gif user1@xxxxxxxxxxx HIER_NONE/- image/gif 1475174888.687 0 192.168.1.121 TCP_HIT/200 23254 GET http://fonts.gstatic.com/s/droidserif/v6/0AKsP294HTD-nvJgucYTaI4P5ICox8Kq3LLUNMylGO4.woff2 user1@xxxxxxxxxxx HIER_NONE/- font/woff2 1475174888.696 0 192.168.1.121 TCP_HIT/200 15153 GET http://fonts.gstatic.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2 user1@xxxxxxxxxxx HIER_NONE/- font/woff2 Myconfig ------------------------ ###Kerberos Auth with ActiveDirectory### auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s HTTP/squid.example.lan@xxxxxxxxxxx auth_param negotiate children 10 auth_param negotiate keep_alive on external_acl_type i-limitado ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limitado@xxxxxxxxxxx external_acl_type i-full ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-full@xxxxxxxxxxx #GRUPOS acl i-limitado external i-limitado acl i-full external i-full i dont understand... why "kerberos_ldap_group: ERROR: Error while initialising credentials from keytab : Preauthentication failed", if i can surf the web, SSO is working, and in access.log i can see the user, etc. then, in practice, no error is perceived. but I have this log ... -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-appropriate-log-file-tp4679740p4679774.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
