Re: [squid-users] Re: squid_kerb_ldap - Could not set LDAP_OPT_X_SASL_SECPROPS

From: Eugene M. Zheganin <emz_at_norma.perm.ru>
Date: Tue, 23 Jul 2013 14:47:01 +0600

Hi.

Lol, saw this message today while fighting exactly the same trouble. I
guess Anton already resolved this situation, but for future reference I
decided to leave a trail in the archives: this message can be caused (it
is most probably caused by this, but still, there can be other reasons)
by openldap-client being compiled without SASL. And this can happen if
portupgrade/portmaster has been used to install it, because the
net/openldapXX-sasl-client port is sort of a holy grail for the portmaster
tool and similar ones (this is a metaport, and after the "[x] SASL" option
was removed from the main port, this is now a total mess) - it is always
searched for, but never found.

On 24.11.2012 18:31, Markus Moeller wrote:

> Hi
>
> I assume you use openldap on your freebsd build. Can you try from
> the command line:
>
> # kinit -kt /usr/local/etc/HTTP.keytab
> HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
> # ldapsearch -d 999 -H ldap://pollux.m-tisiz.local:389 -Y GSSAPI -O
> "maxssf=56" -b dc=M-TISIZ,dc=LOCAL -s sub "(samaccountname=antec)"
>
> and send me the output?
>
> Regards
> Markus
>
>
> "Подшивалов Антон" <support_at_murmansk-tisiz.ru> wrote in message
> news:95378ca7accc17ee30ecf07a71c9b6b2_at_murmansk-tisiz.ru...
>> Hello!
>> I use:
>> proxy# uname -a
>> FreeBSD proxy.m-tisiz.local 8.3-RELEASE-p1 FreeBSD 8.3-RELEASE-p1 #0:
>> Wed May 23 22:56:59 MSK 2012
>> ant_at_freebsd.m-tisiz.local:/usr/obj/usr/src/sys/AnteC_kernel i386
>>
>> I am trying to authenticate a squid user by Active Directory, but I get
>> some errors when I use the squid_kerb_ldap external helper:
>>
>> proxy# /usr/local/libexec/squid/squid_kerb_ldap -d -D M-TISIZ.LOCAL
>> -g inet_users@
>> 2012/11/23 16:04:20| squid_kerb_ldap: Starting version 1.2.2
>> 2012/11/23 16:04:20| squid_kerb_ldap: Group list inet_users@
>> 2012/11/23 16:04:20| squid_kerb_ldap: Group inet_users Domain
>> 2012/11/23 16:04:20| squid_kerb_ldap: Netbios list NULL
>> 2012/11/23 16:04:20| squid_kerb_ldap: No netbios names defined.
>> 2012/11/23 16:04:20| squid_kerb_ldap: ldap server list NULL
>> 2012/11/23 16:04:20| squid_kerb_ldap: No ldap servers defined.
>> antec
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec set default
>> domain: M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got User: antec Domain:
>> M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: User domain loop: group_at_domain
>> inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Default domain loop:
>> group_at_domain inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Found group_at_domain inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setup Kerberos credential cache
>> 2012/11/23 16:04:23| squid_kerb_ldap: Get default keytab file name
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got default keytab file name
>> /usr/local/etc/HTTP.keytab
>> 2012/11/23 16:04:23| squid_kerb_ldap: Get principal name from keytab
>> /usr/local/etc/HTTP.keytab
>> 2012/11/23 16:04:23| squid_kerb_ldap: Keytab entry has realm name:
>> M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Found principal name:
>> HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Set credential cache to
>> MEMORY:squid_ldap_16670
>> 2012/11/23 16:04:23| squid_kerb_ldap: Got principal name
>> HTTP/proxy.m-tisiz.local_at_M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Stored credentials
>> 2012/11/23 16:04:23| squid_kerb_ldap: Initialise ldap connection
>> 2012/11/23 16:04:23| squid_kerb_ldap: Canonicalise ldap server name
>> for domain M-TISIZ.LOCAL
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
>> _ldap._tcp.M-TISIZ.LOCAL record to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved SRV
>> _ldap._tcp.M-TISIZ.LOCAL record to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 1 of
>> M-TISIZ.LOCAL to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 2 of
>> M-TISIZ.LOCAL to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 3 of
>> M-TISIZ.LOCAL to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 4 of
>> M-TISIZ.LOCAL to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 5 of
>> M-TISIZ.LOCAL to altair.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Resolved address 6 of
>> M-TISIZ.LOCAL to pollux.m-tisiz.local
>> 2012/11/23 16:04:23| squid_kerb_ldap: Adding M-TISIZ.LOCAL to list
>> 2012/11/23 16:04:23| squid_kerb_ldap: Sorted ldap server names for
>> domain M-TISIZ.LOCAL:
>> 2012/11/23 16:04:23| squid_kerb_ldap: Host: pollux.m-tisiz.local
>> Port: 389 Priority: 0 Weight: 100
>> 2012/11/23 16:04:23| squid_kerb_ldap: Host: altair.m-tisiz.local
>> Port: 389 Priority: 0 Weight: 100
>> 2012/11/23 16:04:23| squid_kerb_ldap: Host: M-TISIZ.LOCAL Port: -1
>> Priority: -2 Weight: -2
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
>> server pollux.m-tisiz.local:389
>> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
>> SASL/GSSAPI
>> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
>> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
>> server with SASL/GSSAPI: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
>> server altair.m-tisiz.local:389
>> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
>> SASL/GSSAPI
>> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
>> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
>> server with SASL/GSSAPI: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Setting up connection to ldap
>> server M-TISIZ.LOCAL:389
>> 2012/11/23 16:04:23| squid_kerb_ldap: Bind to ldap server with
>> SASL/GSSAPI
>> 2012/11/23 16:04:23| squid_kerb_ldap: Could not set
>> LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error while binding to ldap
>> server with SASL/GSSAPI: Can't contact LDAP server
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of
>> ldap connection: No such file or directory
>> 2012/11/23 16:04:23| squid_kerb_ldap: Error during initialisation of
>> ldap connection: No such file or directory
>> 2012/11/23 16:04:23| squid_kerb_ldap: User antec is not member of
>> group_at_domain inet_users@
>> 2012/11/23 16:04:23| squid_kerb_ldap: Default group loop:
>> group_at_domain inet_users@
>> ERR
>>
Received on Tue Jul 23 2013 - 08:47:14 MDT
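
A triage sketch for the failure in this thread, added here as an example (not code from the thread participants or the Squid project): it classifies the helper's debug output and checks `ldd` output for libsasl2. The function names, the sample log and the ldd lines are constructed, and a dependency on libsasl2 is assumed to be the marker of a SASL-enabled libldap.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Classify `squid_kerb_ldap -d` output read on stdin:
#   client-sasl  every server attempt failed at LDAP_OPT_X_SASL_SECPROPS;
#                identical failure on all servers points at the local libldap
#   per-server   only some attempts failed that way
#   other        no SECPROPS failure in the log
classify_helper_log() {
    awk '
        /Setting up connection to ldap server/   { attempts++ }
        /Could not set LDAP_OPT_X_SASL_SECPROPS/ { failed++ }
        END {
            if (failed + 0 == 0)                 print "other"
            else if (failed + 0 >= attempts + 0) print "client-sasl"
            else                                 print "per-server"
        }'
}

# Read `ldd <libldap>` output on stdin; succeed if Cyrus SASL is linked in
# (assumption: a SASL-enabled libldap depends on libsasl2).
ldd_links_sasl() {
    grep -q 'libsasl2\.so'
}

# Constructed log, one entry per line as the helper prints it.
SAMPLE_LOG=$(cat <<'EOF'
squid_kerb_ldap: Setting up connection to ldap server pollux.m-tisiz.local:389
squid_kerb_ldap: Could not set LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
squid_kerb_ldap: Setting up connection to ldap server altair.m-tisiz.local:389
squid_kerb_ldap: Could not set LDAP_OPT_X_SASL_SECPROPS: maxssf=56: Can't contact LDAP server
EOF
)

# Constructed ldd output for a libldap built without SASL (path is assumed).
SAMPLE_LDD=$(cat <<'EOF'
/usr/local/lib/libldap.so:
	liblber-2.4.so.8 => /usr/local/lib/liblber-2.4.so.8
	libssl.so.6 => /usr/lib/libssl.so.6
	libc.so.7 => /lib/libc.so.7
EOF
)

verdict=$(printf '%s\n' "$SAMPLE_LOG" | classify_helper_log)
if [ "$verdict" = client-sasl ] && ! printf '%s\n' "$SAMPLE_LDD" | ldd_links_sasl; then
    echo "all binds failed at SECPROPS and libldap lacks libsasl2: reinstall openldap-client with SASL"
fi
```

On a live host, pipe the helper's real debug output into `classify_helper_log` and the output of `ldd` on the installed libldap into `ldd_links_sasl`.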
