ldap_sasl_interactive_bind_s error: Can't contact LDAP server

erdosain9 <erdosain9@xxxxxxxxx> · Tue, 20 Feb 2018 06:35:25 -0700 (MST)

Hi. Im having this problem. Im running squid on a Centos 7 container (lxc on
proxmox).

This is cache.log

support_sasl.cc(276): pid=555 :2018/02/20 10:13:34| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=555 :2018/02/20 10:13:34| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server

Can somebody give me a hand???

I dont know what can be bad. This is the config:

 cat /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = MYDOMAIN.LAN
    dns_lookup_kdc = no
    dns_lookup_realm = no
    ticket_lifetime = 24h
    default_keytab_name = /etc/squid/PROXY.keytab

; for Windows 2003
;    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
;    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
;    permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

; for Windows 2008 with AES
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5

[realms]
    MYDOMAIN.LAN = {
        kdc = adw-1.mydomain.lan
        kdc = w-data2.mydomain.lan
        admin_server = adw-1.mydomain.lan
        default_domain = mydomain.lan
    }

[domain_realm]
    .mydomain.lan = MYDOMAIN.LAN
    mydomain.lan = MYDOMAIN.LAN  

SQUID.CONF
###Kerberos Auth with ActiveDirectory###
auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s
HTTP/proxy.mydomain.lan@xxxxxxxxxxxx
auth_param negotiate children 50 startup=0 idle=1
auth_param basic credentialsttl 2 hours
auth_param negotiate keep_alive on

external_acl_type i-restringidos %LOGIN
/usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-restringidos@xxxxxxxxxxxx
external_acl_type i-full %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl
-g i-full@xxxxxxxxxxxx
external_acl_type i-limitado %LOGIN
/usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limitado@xxxxxxxxxxxx

/ETC/HOSTS

[root@proxy ~]# cat /etc/hosts
127.0.0.1   localhost LXC_NAME
::1 localhost.localnet localhost
# --- END PVE ---
#
192.168.1.222 adw-1.mydomain.lan
192.168.1.107 w-data2.mydomain.lan
# --- BEGIN PVE ---
192.168.6.215 proxy.mydomain.lan proxy
# --- END PVE ---

/ETC/RESOLV.CONF
[root@proxy ~]# cat /etc/resolv.conf 
# --- BEGIN PVE ---
search mydomain.lan
nameserver 192.168.1.107
nameserver 192.168.1.222
# --- END PVE ---
domain mydomain.lan

Thanks

--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users