On 20.09.2016 15:20, Silamael wrote:
> Ok, found one problem. Under OpenBSD I had some hack that the external
> helper was linked against libbind (the bind resolver library) instead of
> libc (as the helper uses some defines which have different names in the
> OpenBSD libc). This caused that the He
On 19.09.2016 13:39, Silamael Darkomen wrote:
>
>
> On 16.09.2016 22:11, Markus Moeller wrote:
>> Hi Silamael,
>>
>> Can you perform a kinit u...@example.com ? Does the squid user
>> have read access to krb5.conf ?
>>
>> Markus
>
> Hello Markus,
>
> Yes, the permissions are correctly set
squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Namens
> Silamael Darkomen
> Verzonden: maandag 19 september 2016 14:20
> Aan: squid-users@lists.squid-cache.org
> Onderwerp: Re: [squid-users] Problem with Kerberos and
> ext_kerberos_ldap_group_acl not being able
On 19.09.2016 14:08, L.P.H. van Belle wrote:
> Well thats strange.
> No i cant speak about openBSD, but below is pretty general.
>
> When you test, did you set this before the test.
> KRB5_KTNAME=/etc/squid/proxy.keytab
> And does that keytab contain the HTTP/SPN
> And test/check if you see ht
omen
> Verzonden: maandag 19 september 2016 13:35
> Aan: squid-users@lists.squid-cache.org
> Onderwerp: Re: [squid-users] Problem with Kerberos and
> ext_kerberos_ldap_group_acl not being able to reach realm's KDC
>
> On 16.09.2016 10:52, L.P.H. van Belle wrote:
> >
On 16.09.2016 22:11, Markus Moeller wrote:
> Hi Silamael,
>
> Can you perform a kinit u...@example.com ? Does the squid user
> have read access to krb5.conf ?
>
> Markus
Hello Markus,
Yes, the permissions are correctly set up so that Squid and it's
processes can read every file needed.
On 16.09.2016 10:52, L.P.H. van Belle wrote:
> I think you forgot in your test, that you may need to modify the default
> kerberos ticket used.
>
>
>
>
>
> I suggest you change you config a bit to something like
>
>
>
> external_acl_type internet-win-allowed %LOGIN
> /usr/local/libexec/s
Hi Silamael,
Can you perform a kinit u...@example.com ? Does the squid user have
read access to krb5.conf ?
Markus
"Silamael Darkomen" wrote in message
news:955b9071-4d07-f0a2-2925-8f63fa332...@coronamundi.de...
Hello,
I'm currently working on setting up our proxy to authenticate
I think you forgot in your test, that you may need to modify the default
kerberos ticket used.
I suggest you change you config a bit to something like
external_acl_type internet-win-allowed %LOGIN
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl \
-D YOUR.REALM.TLD \
-g allowed