Hello all,

I have a little problem with this helper. It worked fine for a while and then suddenly stopped working.

I can call a Kerberos ticket when using kinit:

root@sv-asa-proxy:/var/log/squid# kinit -kt /etc/squid/sv-asa-proxy.keytab HTTP/sv-asa-proxy@ASA.LOCAL
root@sv-asa-proxy:/var/log/squid# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: HTTP/sv-asa-proxy@ASA.LOCAL

Valid starting     Expires            Service principal
08/30/24 14:24:27  08/31/24 00:24:27  krbtgt/ASA.LOCAL@ASA.LOCAL
        renew until 08/31/24 14:24:27
root@sv-asa-proxy:/var/log/squid#

So – this works well.

This is a part of my squid.conf:

auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/sv-asa-proxy.keytab -s
HTTP/sv-asa-proxy@ASA.LOCAL -r -d
auth_parauth_param negotiate children 100 startup=0 idle=10
auth_param negotiate keep_alive on
acl kerb-auth proxy_auth REQUIRED

I also tried

auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/sv-asa-proxy.keytab -s HTTP/sv-asa-proxy@ASA.LOCAL -s GSS_C_NO_NAME -r -d

No success...

When I try

root@sv-asa-proxy:/var/log/squid# /usr/lib/squid/negotiate_kerberos_auth_test -k /etc/squid/sv-asa-proxy.keytab -s HTTP/sv-asa-proxy.asa.local@ASA.LOCAL -s GSS_C_NO_NAME -d -i
2024/08/30 14:28:35| negotiate_kerberos_auth_test: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. Server not found in Kerberos database
Token: NULL
root@sv-asa-proxy:/var/log/squid#

and when I try this one:

root@sv-asa-proxy:/var/log/squid# /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/sv-asa-proxy.keytab -s
HTTP/sv-asa-proxy.asa.local@ASA.LOCAL -d -r
negotiate_kerberos_auth.cc(489): pid=5286 :2024/08/30 14:29:25| negotiate_kerberos_auth: INFO: Starting version 3.1.0sq
negotiate_kerberos_auth.cc(548): pid=5286 :2024/08/30 14:29:25| negotiate_kerberos_auth: INFO: Setting keytab to /etc/squid/sv-asa-proxy.keytab
negotiate_kerberos_auth.cc(571): pid=5286 :2024/08/30 14:29:25| negotiate_kerberos_auth: INFO: Changed keytab to MEMORY:negotiate_kerberos_auth_5286
negotiate_kerberos_auth.cc(612): pid=5286 :2024/08/30 14:30:06| negotiate_kerberos_auth: DEBUG: Got 'admin@ASA.LOCAL' from squid (length: 15).
negotiate_kerberos_auth.cc(661): pid=5286 :2024/08/30 14:30:06| negotiate_kerberos_auth: ERROR: Invalid request [admin@ASA.LOCAL]
BH Invalid request

And the log:

2024/08/30 14:31:25 kid1| Set Current Directory to /var/spool/squid
2024/08/30 14:31:25 kid1| Starting Squid Cache version 5.9 for x86_64-pc-linux-gnu...
2024/08/30 14:31:25 kid1| Service Name: squid
2024/08/30 14:31:25 kid1| Process ID 5309
2024/08/30 14:31:25 kid1| Process Roles: worker
2024/08/30 14:31:25 kid1| With 1024 file descriptors available
2024/08/30 14:31:25 kid1| Initializing IP Cache...
2024/08/30 14:31:25 kid1| DNS Socket created at [::], FD 9
2024/08/30 14:31:25 kid1| DNS Socket created at 0.0.0.0, FD 10
2024/08/30 14:31:25 kid1| Adding nameserver 192.168.40.1 from squid.conf
2024/08/30 14:31:25 kid1| Adding nameserver 192.168.40.2 from squid.conf
2024/08/30 14:31:25 kid1| helperOpenServers: Starting 0/100 'negotiate_kerberos_auth' processes
2024/08/30 14:31:25 kid1| helperStatefulOpenServers: No 'negotiate_kerberos_auth' processes needed.
2024/08/30 14:31:25 kid1| helperOpenServers: Starting 0/25 'ext_kerberos_ldap_group_acl' processes
2024/08/30 14:31:25 kid1| helperOpenServers: No 'ext_kerberos_ldap_group_acl' processes needed.
2024/08/30 14:31:25 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2024/08/30 14:31:25 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2024/08/30 14:31:26 kid1| Unlinkd pipe opened on FD 16
2024/08/30 14:31:26 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2024/08/30 14:31:26 kid1| Logfile: opening log daemon:/var/log/squid/store.log
2024/08/30 14:31:26 kid1| Logfile Daemon: opening log /var/log/squid/store.log
2024/08/30 14:31:26 kid1| Swap maxSize 20480000 + 2097152 KB, estimated 1736704 objects
2024/08/30 14:31:26 kid1| Target number of buckets: 86835
2024/08/30 14:31:26 kid1| Using 131072 Store buckets
2024/08/30 14:31:26 kid1| Max Mem size: 2097152 KB
2024/08/30 14:31:26 kid1| Max Swap size: 20480000 KB
2024/08/30 14:31:26 kid1| Rebuilding storage in /var/cache/squid (clean log)
2024/08/30 14:31:26 kid1| Using Least Load store dir selection
2024/08/30 14:31:26 kid1| Set Current Directory to /var/spool/squid
2024/08/30 14:31:26 kid1| Finished loading MIME types and icons.
2024/08/30 14:31:26 kid1| HTCP Disabled.
2024/08/30 14:31:26 kid1| Pinger socket opened on FD 23
2024/08/30 14:31:26 kid1| Squid plugin modules loaded: 0
2024/08/30 14:31:26 kid1| Adaptation support is off.
2024/08/30 14:31:26 kid1| Accepting HTTP Socket connections at conn3 local=[::]:8080 remote=[::] FD 21 flags=9
2024/08/30 14:31:26 kid1| Done reading /var/cache/squid swaplog (50 entries)
2024/08/30 14:31:26 kid1| Finished rebuilding storage from disk.
2024/08/30 14:31:26 kid1| 50 Entries scanned
2024/08/30 14:31:26 kid1| 0 Invalid entries.
2024/08/30 14:31:26 kid1| 0 With invalid flags.
2024/08/30 14:31:26 kid1| 50 Objects loaded.
2024/08/30 14:31:26 kid1| 0 Objects expired.
2024/08/30 14:31:26 kid1| 0 Objects cancelled.
2024/08/30 14:31:26 kid1| 0 Duplicate URLs purged.
2024/08/30 14:31:26 kid1| 0 Swapfile clashes avoided.
2024/08/30 14:31:26 kid1| Took 0.01 seconds (5303.35 objects/sec).
2024/08/30 14:31:26 kid1| Beginning Validation Procedure
2024/08/30 14:31:26 kid1| Completed Validation Procedure
2024/08/30 14:31:26 kid1| Validated 50 Entries
2024/08/30 14:31:26 kid1| store_swap_size = 732.00 KB
2024/08/30 14:31:26| pinger: Initialising ICMP pinger ...
2024/08/30 14:31:26| pinger: ICMP socket opened.
2024/08/30 14:31:26| pinger: ICMPv6 socket opened
2024/08/30 14:31:27 kid1| storeLateRelease: released 0 objects

Do you have any suggestions for me?

Kind regards
Michael