Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-20 Thread Silamael
On 20.09.2016 15:20, Silamael wrote: > Ok, found one problem. Under OpenBSD I had some hack that the external > helper was linked against libbind (the bind resolver library) instead of > libc (as the helper uses some defines which have different names in the > OpenBSD libc). This caused that the He

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-20 Thread Silamael
On 19.09.2016 13:39, Silamael Darkomen wrote: > > > On 16.09.2016 22:11, Markus Moeller wrote: >> Hi Silamael, >> >> Can you perform a kinit u...@example.com ? Does the squid user >> have read access to krb5.conf ? >> >> Markus > > Hello Markus, > > Yes, the permissions are correctly set

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread L . P . H . van Belle
squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of > Silamael Darkomen > Sent: Monday, 19 September 2016 14:20 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Problem with Kerberos and > ext_kerberos_ldap_group_acl not being able

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread Silamael Darkomen
On 19.09.2016 14:08, L.P.H. van Belle wrote: > Well that's strange. > No I can't speak about OpenBSD, but below is pretty general. > > When you test, did you set this before the test? > KRB5_KTNAME=/etc/squid/proxy.keytab > And does that keytab contain the HTTP/SPN > And test/check if you see ht

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread L . P . H . van Belle
omen > Sent: Monday, 19 September 2016 13:35 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Problem with Kerberos and > ext_kerberos_ldap_group_acl not being able to reach realm's KDC > > On 16.09.2016 10:52, L.P.H. van Belle wrote: > >

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread Silamael Darkomen
On 16.09.2016 22:11, Markus Moeller wrote: > Hi Silamael, > > Can you perform a kinit u...@example.com ? Does the squid user > have read access to krb5.conf ? > > Markus Hello Markus, Yes, the permissions are correctly set up so that Squid and its processes can read every file needed.

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread Silamael Darkomen
On 16.09.2016 10:52, L.P.H. van Belle wrote: > I think you forgot in your test, that you may need to modify the default > Kerberos ticket used. > > > > > > I suggest you change your config a bit to something like > > > > external_acl_type internet-win-allowed %LOGIN > /usr/local/libexec/s

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-16 Thread Markus Moeller
Hi Silamael, Can you perform a kinit u...@example.com ? Does the squid user have read access to krb5.conf ? Markus "Silamael Darkomen" wrote in message news:955b9071-4d07-f0a2-2925-8f63fa332...@coronamundi.de... Hello, I'm currently working on setting up our proxy to authenticate

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-16 Thread L . P . H . van Belle
I think you forgot in your test, that you may need to modify the default Kerberos ticket used. I suggest you change your config a bit to something like external_acl_type internet-win-allowed %LOGIN /usr/local/libexec/squid/ext_kerberos_ldap_group_acl \ -D YOUR.REALM.TLD \ -g allowed