Check LDAP port availability on the LDAP server. On the firewall it should be open. If your LDAP is a Windows server, AFAIK, it has a closed firewall by default, i.e. all incoming connections are blocked.

20.02.2018 19:35, erdosain9 wrote:
> Hi. I'm having this problem. I'm running squid on a CentOS 7 container (lxc on
> proxmox).
>
> This is cache.log
>
> support_sasl.cc(276): pid=555 :2018/02/20 10:13:34| kerberos_ldap_group:
> ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
> support_ldap.cc(957): pid=555 :2018/02/20 10:13:34| kerberos_ldap_group:
> ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
> LDAP server
>
>
> Can somebody give me a hand???
>
> I don't know what can be bad. This is the config:
>
> cat /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = MYDOMAIN.LAN
> dns_lookup_kdc = no
> dns_lookup_realm = no
> ticket_lifetime = 24h
> default_keytab_name = /etc/squid/PROXY.keytab
>
> ; for Windows 2003
> ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
> ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
> ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
>
> ; for Windows 2008 with AES
> default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
> des-cbc-md5
> default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
> des-cbc-md5
> permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
> des-cbc-md5
>
>
> [realms]
> MYDOMAIN.LAN = {
> kdc = adw-1.mydomain.lan
> kdc = w-data2.mydomain.lan
> admin_server = adw-1.mydomain.lan
> default_domain = mydomain.lan
> }
>
> [domain_realm]
> .mydomain.lan = MYDOMAIN.LAN
> mydomain.lan = MYDOMAIN.LAN
>
>
> SQUID.CONF
> ###Kerberos Auth with ActiveDirectory###
> auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s
> HTTP/proxy.mydomain.lan@xxxxxxxxxxxx
> auth_param negotiate children 50 startup=0 idle=1
> auth_param basic credentialsttl 2 hours
> auth_param negotiate keep_alive on
>
> external_acl_type i-restringidos %LOGIN
> /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-restringidos@xxxxxxxxxxxx
> external_acl_type i-full %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl
> -g i-full@xxxxxxxxxxxx
> external_acl_type i-limitado %LOGIN
> /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limitado@xxxxxxxxxxxx
>
>
>
> /ETC/HOSTS
>
> [root@proxy ~]# cat /etc/hosts
> 127.0.0.1 localhost LXC_NAME
> ::1 localhost.localnet localhost
> # --- END PVE ---
> #
> 192.168.1.222 adw-1.mydomain.lan
> 192.168.1.107 w-data2.mydomain.lan
> # --- BEGIN PVE ---
> 192.168.6.215 proxy.mydomain.lan proxy
> # --- END PVE ---
>
>
> /ETC/RESOLV.CONF
> [root@proxy ~]# cat /etc/resolv.conf
> # --- BEGIN PVE ---
> search mydomain.lan
> nameserver 192.168.1.107
> nameserver 192.168.1.222
> # --- END PVE ---
> domain mydomain.lan
>
>
> Thanks
>
>
>
> --
> Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

--
*****************************
* C++20 : Bug to the future *
*****************************
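The port check suggested in the reply, as an added example that is not part of the original thread: it reads the `kdc` hosts from a krb5.conf and classifies a TCP connect from the proxy to ports 88 and 389 on each. It assumes the domain controllers listed as `kdc` are also the LDAP servers the group helper binds to; `parse_kdcs`, `check_port` and `SAMPLE_KRB5` are names made up for this example.

```python
import re
import socket
import sys

# Constructed sample: the [realms] block from the krb5.conf quoted above.
SAMPLE_KRB5 = """\
[libdefaults]
[realms]
MYDOMAIN.LAN = {
kdc = adw-1.mydomain.lan
kdc = w-data2.mydomain.lan
admin_server = adw-1.mydomain.lan
}
"""

def parse_kdcs(krb5_text):
    """Return the kdc hosts listed under [realms], in file order."""
    hosts, section = [], None
    for line in map(str.strip, krb5_text.splitlines()):
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        kdc = re.fullmatch(r"kdc\s*=\s*(\S+)", line)
        if section == "realms" and kdc:
            host = kdc.group(1).split(":")[0]  # drop an optional :port
            if host not in hosts:
                hosts.append(host)
    return hosts

def check_port(host, port, timeout=3.0):
    """Classify one TCP connect attempt from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # name did not resolve (check /etc/hosts, resolv.conf)
    except ConnectionRefusedError:
        return "refused"       # RST received: nothing listening, or a rejecting firewall
    except OSError:
        return "filtered"      # timeout or unreachable: typical of a firewall dropping packets

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KRB5
    for host in parse_kdcs(text):
        for port in (88, 389):     # 88 = Kerberos KDC, 389 = LDAP (assumed same hosts)
            print(f"{host}:{port} {check_port(host, port)}")
```

Run it inside the Squid container with `/etc/krb5.conf` as the argument; a `filtered` result on 389 while 88 is `open` points at a firewall rule in front of LDAP rather than at the Kerberos setup.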