squid-users  

Re: [squid-users] Re: Re: Re:Problem with SQUID_KERB_LDAP

Fruehauf
Tue, 09 Feb 2010 02:47:01 -0800

So far, i test it with IE8 and Firefox 3.5
When i test it with IE6, no popup occurs and i get immediately the error message. 
Therefore i have this problem with all browsers .
The best way would be, that always a popup appear, when i start a new browser session and the user have to authentication on the domain, cause, i have not only domain clients, i work with workgroup clients too. I thought, i take the right howto therefore. What have i to change, 
to get always the authentication screen?

I now, that are 2 different problems, i hope, it's ok.

Rainer


Am 09.02.2010 00:14, schrieb Markus Moeller:

Ralf,

The lines:

2010/02/08 20:59:08| squid_kerb_auth: received type 1 NTLM token
mean that your browser is not using Kerberos authentication, why you get the popup. 

Markus
"Ralf Fruehauf" <r.fruehwa...@googlemail.com> wrote in message news:4b706e39.9050...@googlemail.com... 
Am 05.02.2010 19:03, schrieb Markus Moeller:
If you have only a directory not an executable then you don't really have squid_kerb_ldap installed.
The script is a standalone script somewhere on your filesystem accesible by the squid process. 

Markus
"Ralf Fruehauf" <r.fruehwa...@googlemail.com> wrote in message news:ff35590e1002050714q1bd0432bje929e96818924...@mail.gmail.com... 
For my understanding:

i take this script and put it into my /etc/init.d/squid start script?

With strace, i thought, i need a executably file/program, but i have
no squid_kerb_ldap file, only a directory!?
Sorry, for this simple question.

Rainer
Ok, that was my mistake, i had a problem during the make command with squid_kerb_ldap, now, i have a squid_kerb_ldap file and squid successfully starts, that is some progress at least.
Now, i have a problem with the authenticating. The registration box appears on the screen, but he don't accept my user/passwort entry. The user is located in the SQUID_USERS group in my Active Directory. After 4 until 5 attempts, i get a error - Cache Access Denied - "Sorry, you are not currently allowed to request http://www.google.de/ from this cache until you have authenticated yourself." ______________________________________________________________________________________________ 

access.log:
1265659148.810 2 192.168.100.130 TCP_DENIED/407 2462 GET http://www.google.de/ - NONE/- text/html 1265659148.856 1 192.168.100.130 TCP_DENIED/407 2565 GET http://www.google.de/ - NONE/- text/html 1265659158.206 1 192.168.100.130 TCP_DENIED/407 2565 GET http://www.google.de/ - NONE/- text/html
______________________________________________________________________________________________ 

cache.log:
2010/02/08 20:38:35| Starting Squid Cache version 3.0.STABLE18 for i686-pc-linux-gnu... 
2010/02/08 20:38:35| Process ID 2292
2010/02/08 20:38:35| With 1024 file descriptors available
2010/02/08 20:38:35| DNS Socket created at 0.0.0.0, port 46847, FD 7
2010/02/08 20:38:35| Adding domain homebase.local from /etc/resolv.conf
2010/02/08 20:38:35| Adding domain homebase.local from /etc/resolv.conf
2010/02/08 20:38:35| Adding nameserver 192.168.100.1 from /etc/resolv.conf 2010/02/08 20:38:35| Adding nameserver 192.168.100.254 from /etc/resolv.conf 2010/02/08 20:38:35| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2010/02/08 20:38:36| helperOpenServers: Starting 5/5 'squid_kerb_ldap' processes 
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS  Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS  Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS  Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS  Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS  Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| Unlinkd pipe opened on FD 27
2010/02/08 20:38:36| Swap maxSize 102400 + 8192 KB, estimated 8507 objects 
2010/02/08 20:38:36| Target number of buckets: 425
2010/02/08 20:38:36| Using 8192 Store buckets
2010/02/08 20:38:36| Max Mem  size: 8192 KB
2010/02/08 20:38:36| Max Swap size: 102400 KB
2010/02/08 20:38:36| Version 1 of swap file with LFS support detected...
2010/02/08 20:38:36| Rebuilding storage in /var/cache/squid-3.0 (CLEAN)
2010/02/08 20:38:36| Using Least Load store dir selection
2010/02/08 20:38:36| chdir: /opt/squid-3.0/var/cache: (2) No such file or directory 
2010/02/08 20:38:36| Current Directory is /
2010/02/08 20:38:36| Loaded Icons.
2010/02/08 20:38:36| Accepting HTTP connections at 0.0.0.0, port 3128, FD 29. 2010/02/08 20:38:36| Accepting ICP messages at 0.0.0.0, port 3130, FD 30. 
2010/02/08 20:38:36| HTCP Disabled.
2010/02/08 20:38:36| Ready to serve requests.
2010/02/08 20:38:36| Done reading /var/cache/squid-3.0 swaplog (0 entries) 
2010/02/08 20:38:36| Finished rebuilding storage from disk.
2010/02/08 20:38:36|         0 Entries scanned
2010/02/08 20:38:36|         0 Invalid entries.
2010/02/08 20:38:36|         0 With invalid flags.
2010/02/08 20:38:36|         0 Objects loaded.
2010/02/08 20:38:36|         0 Objects expired.
2010/02/08 20:38:36|         0 Objects cancelled.
2010/02/08 20:38:36|         0 Duplicate URLs purged.
2010/02/08 20:38:36|         0 Swapfile clashes avoided.
2010/02/08 20:38:36|   Took 0.07 seconds (  0.00 objects/sec).
2010/02/08 20:38:36| Beginning Validation Procedure
2010/02/08 20:38:36|   Completed Validation Procedure
2010/02/08 20:38:36|   Validated 25 Entries
2010/02/08 20:38:36|   store_swap_size = 0
2010/02/08 20:38:37| storeLateRelease: released 0 objects
2010/02/08 20:38:58| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:38:58| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:40:40| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:40:40| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:57:43| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:57:43| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:57:49| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:57:49| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:58:24| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:58:24| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:58:51| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:58:51| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:59:08| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:59:08| squid_kerb_auth: received type 1 NTLM token
2010/02/08 20:59:18| squid_kerb_auth: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAHIXAAAADw==' from squid (length: 59). 
2010/02/08 20:59:18| squid_kerb_auth: received type 1 NTLM token
______________________________________________________________________________________________ 

store.log:
1265659148.810 RELEASE -1 FFFFFFFF 02BD860C9F7570381B44392E3E27E0D4 407 1265659148 0 -1 text/html 2094/2094 GET http://www.google.de/ 1265659148.856 RELEASE -1 FFFFFFFF DF3324214B04A1A81662633DC3E4C78C 407 1265659148 0 -1 text/html 2197/2197 GET http://www.google.de/ 1265659158.206 RELEASE -1 FFFFFFFF 3F2E3F4551C070C64EBEFEBB8AF6EECB 407 1265659158 0 -1 text/html 2197/2197 GET http://www.google.de/ 

So, how can i localize this problem.

Rainer