[squid-users] ldap_sasl_interactive_bind_s error: Can't contact LDAP server

Yuri yvoinov at gmail.com
Tue Feb 20 13:39:53 UTC 2018


Check LDAP port availability on the LDAP server. It should be open on the firewall.

If your LDAP is a Windows server, AFAIK, it has a closed firewall by
default, i.e. all incoming connections are blocked.


20.02.2018 19:35, erdosain9 wrote:
> Hi. I'm having this problem. I'm running squid on a CentOS 7 container (lxc on
> proxmox).
>
> This is cache.log
>
> support_sasl.cc(276): pid=555 :2018/02/20 10:13:34| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
> support_ldap.cc(957): pid=555 :2018/02/20 10:13:34| kerberos_ldap_group: ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server
>
>
> Can somebody give me a hand???
>
> I don't know what can be bad. This is the config:
>
>  cat /etc/krb5.conf
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>     default_realm = MYDOMAIN.LAN
>     dns_lookup_kdc = no
>     dns_lookup_realm = no
>     ticket_lifetime = 24h
>     default_keytab_name = /etc/squid/PROXY.keytab
>
> ; for Windows 2003
> ;    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
> ;    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
> ;    permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
>
> ; for Windows 2008 with AES
>     default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
>     default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
>     permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
>
>
> [realms]
>     MYDOMAIN.LAN = {
>         kdc = adw-1.mydomain.lan
>         kdc = w-data2.mydomain.lan
>         admin_server = adw-1.mydomain.lan
>         default_domain = mydomain.lan
>     }
>
> [domain_realm]
>     .mydomain.lan = MYDOMAIN.LAN
>     mydomain.lan = MYDOMAIN.LAN  
>
>
> SQUID.CONF
> ###Kerberos Auth with ActiveDirectory###
> auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s HTTP/proxy.mydomain.lan@MYDOMAIN.LAN
> auth_param negotiate children 50 startup=0 idle=1
> auth_param basic credentialsttl 2 hours
> auth_param negotiate keep_alive on
>
> external_acl_type i-restringidos %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-restringidos@MYDOMAIN.LAN
> external_acl_type i-full %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-full@MYDOMAIN.LAN
> external_acl_type i-limitado %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limitado@MYDOMAIN.LAN
>
>
>
> /ETC/HOSTS
>
> [root@proxy ~]# cat /etc/hosts
> 127.0.0.1   localhost LXC_NAME
> ::1 localhost.localnet localhost
> # --- END PVE ---
> #
> 192.168.1.222 adw-1.mydomain.lan
> 192.168.1.107 w-data2.mydomain.lan
> # --- BEGIN PVE ---
> 192.168.6.215 proxy.mydomain.lan proxy
> # --- END PVE ---
>
>
> /ETC/RESOLV.CONF
> [root@proxy ~]# cat /etc/resolv.conf
> # --- BEGIN PVE ---
> search mydomain.lan
> nameserver 192.168.1.107
> nameserver 192.168.1.222
> # --- END PVE ---
> domain mydomain.lan
>
>
> Thanks

-- 
*****************************
* C++20 : Bug to the future *
*****************************
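
An added example, not part of the original messages: a small script to run on the proxy host that performs the port check suggested in the reply. It reads the `kdc` hosts from the `[realms]` section of a krb5.conf and tests whether each one accepts TCP connections on the LDAP port. It assumes the listed domain controllers also serve LDAP on port 389; the function names and the 3-second timeout are choices made for this example.

```shell
#!/bin/sh
# Usage: sh check_ldap.sh /etc/krb5.conf [port]
# Added example. Assumes the kdc hosts are AD domain controllers that
# also answer LDAP (default port 389).

# Print the kdc hostnames from the [realms] section only, so that
# "kdc = FILE:..." in [logging] and commented-out lines are ignored.
kdc_hosts() {
    awk '
        /^[ \t]*[;#]/ { next }                        # comment lines
        /^[ \t]*\[/   { in_realms = ($0 ~ /\[realms\]/); next }
        in_realms && /^[ \t]*kdc[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                  # drop "kdc ="
            sub(/[ \t]+$/, "")                        # trailing blanks
            sub(/:[0-9]+$/, "")                       # optional :port
            print
        }
    ' "$1"
}

# Return 0 if a TCP connection to host:port succeeds within 3 seconds.
# Uses the /dev/tcp redirection of bash, started explicitly so the
# script itself stays POSIX sh.
check_port() {
    timeout 3 bash -c ': </dev/tcp/"$0"/"$1"' "$1" "$2" 2>/dev/null
}

# Check every kdc host; return non-zero if any of them is unreachable.
check_ldap() {
    conf=$1
    port=${2:-389}
    failed=0
    for host in $(kdc_hosts "$conf"); do
        if check_port "$host" "$port"; then
            echo "open         $host:$port"
        else
            echo "unreachable  $host:$port"
            failed=1
        fi
    done
    return "$failed"
}

# Only run the check when a krb5.conf path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ldap "$@"
fi
```

An "unreachable" result for a host that answers ping points at a host or network firewall rule, or at name resolution from inside the container, rather than at the Squid configuration.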

