On 20.09.2016 15:20, Silamael wrote:
> Ok, found one problem. Under OpenBSD I had some hack that the external
> helper was linked against libbind (the bind resolver library) instead of
> libc (as the helper uses some defines which have different names in the
> OpenBSD libc). This caused that the
On 19.09.2016 13:39, Silamael Darkomen wrote:
>
>
> On 16.09.2016 22:11, Markus Moeller wrote:
>> Hi Silamael,
>>
>> Can you perform a kinit u...@example.com ? Does the squid user
>> have read access to krb5.conf ?
>>
>> Markus
>
> Hello Markus,
>
> Yes, the permissions are correctly
Yes,
You can fix that by setting the SPN : HTTP/host.you.domain.tld in UPN
I had that too, changed it and it is working perfect now.
See subject : Re: [squid-users] ext_kerberos_ldap_group_acl problem ( 2
minorbugsmaybe )
Greetz,
Louis
> -Oorspronkelijk bericht-
> Van:
On 19.09.2016 14:08, L.P.H. van Belle wrote:
> Well thats strange.
> No i cant speak about openBSD, but below is pretty general.
>
> When you test, did you set this before the test.
> KRB5_KTNAME=/etc/squid/proxy.keytab
> And does that keytab contain the HTTP/SPN
> And test/check if you see
Well thats strange.
No i cant speak about openBSD, but below is pretty general.
When you test, did you set this before the test.
KRB5_KTNAME=/etc/squid/proxy.keytab
And does that keytab contain the HTTP/SPN
And test/check if you see http/SPN in the UPN, if not try that also.
After that change
On 16.09.2016 22:11, Markus Moeller wrote:
> Hi Silamael,
>
> Can you perform a kinit u...@example.com ? Does the squid user
> have read access to krb5.conf ?
>
> Markus
Hello Markus,
Yes, the permissions are correctly set up so that Squid and it's
processes can read every file
On 16.09.2016 10:52, L.P.H. van Belle wrote:
> I think you forgot in your test, that you may need to modify the default
> kerberos ticket used.
>
>
>
>
>
> I suggest you change you config a bit to something like
>
>
>
> external_acl_type internet-win-allowed %LOGIN
>
Hi Silamael,
Can you perform a kinit u...@example.com ? Does the squid user have
read access to krb5.conf ?
Markus
"Silamael Darkomen" wrote in message
news:955b9071-4d07-f0a2-2925-8f63fa332...@coronamundi.de...
Hello,
I'm currently working on setting up our proxy to authenticate
I think you forgot in your test, that you may need to modify the default
kerberos ticket used.
I suggest you change you config a bit to something like
external_acl_type internet-win-allowed %LOGIN
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl \
-D YOUR.REALM.TLD \
-g