[squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC
Silamael
Silamael at coronamundi.de
Wed Sep 21 06:54:07 UTC 2016
On 20.09.2016 15:20, Silamael wrote:
> Ok, found one problem. Under OpenBSD I had some hack that the external
> helper was linked against libbind (the bind resolver library) instead of
> libc (as the helper uses some defines which have different names in the
> OpenBSD libc). This caused that the Heimdal libs used also the Bind
> resolver library instead of the libc resolver. And this lead to an error
> in the getaddrinfo() call due to invalid ai_flags.
> After patching the helper to compile with the libc now a new problem
> comes up:
> When binding to the LDAP server the helper uses SASL/GSSAPI. And then
> ldap_sasl_interactive_bind_s failes with "Unknown authentication method".
> Is there anything special that must be given on the Windows side? Or
> what's wrong now?
Just for completness, the problems got solved. Cause for the last issue
was that the cyrus-sasl2 package wasn't built with GSSAPI support and
after that that the needed .so files were missing in the chroot
environment. After fixing this, the external_kerberos_ldap_group_acl
helper works like a charm.
Many thanks for any hints given!
-- Matthias
More information about the squid-users
mailing list