
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 11 (filtered medium)">


<style>


<!--


 /* Style Definitions */


 p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0cm;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman";}


a:link, span.MsoHyperlink


        {color:blue;


        text-decoration:underline;}


a:visited, span.MsoHyperlinkFollowed


        {color:blue;


        text-decoration:underline;}


span.E-mailStijl17


        {mso-style-type:personal;


        font-family:Arial;


        color:navy;}


span.E-mailStijl18


        {mso-style-type:personal-reply;


        font-family:Arial;


        color:navy;}


@page Section1


        {size:595.3pt 841.9pt;


        margin:70.85pt 70.85pt 70.85pt 70.85pt;}


div.Section1


        {page:Section1;}


-->


</style>


</head>


<body lang=NL link=blue vlink=blue>


<div class=Section1>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Ok reply to myself so other users know


this also.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>if you create a user for the HTTP services


and you dont use </span></font><font color=black><span lang=EN


style='color:black'>msktutil but like me samba-tool or something else. </span></font><font


size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;


color:navy'><o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Read : <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><a


href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos">http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</a>


carefully. <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>and the clue was this line for me.  <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=black face=Arial><span lang=EN


style='font-size:10.0pt;font-family:Arial;color:black'>Squid "login"


to Windows Active Directory or Unix kdc as user


<HTTP/<fqdn-squid>@DOMAIN.COM>. <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=black face=Arial><span lang=EN


style='font-size:10.0pt;font-family:Arial;color:black'>This requires Active


Directory to have an <u>attribute userPrincipalname</u> set to


<HTTP/<fqdn-squid>@DOMAIN.COM><o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=black face=Arial><span lang=EN


style='font-size:10.0pt;font-family:Arial;color:black'> for the associated


acount. This is usaully done by using msktutil. <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>But this is not done by samba-tools  <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>samba-tool setup fro squid i used, was as


followed. <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>samba-tool user create squid1-service


--description="Unprivileged user for SQUID1-Proxy Services"


--random-password <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>samba-tool user setexpiry squid1-service –noexpiry<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>samba-tool spn add HTTP/proxy.internal.domain.tld


squid1-service<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Now this results in : <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>My UPN was set to the <a


href="mailto:username@internal.domain.tld">username@internal.domain.tld</a>  (


as it should ). <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>My SPN was set to <a


href="mailto:HTTP/proxyserver.internal.domain.tld@REALM">HTTP/proxyserver.internal.domain.tld@REALM</a>


( as is should )  <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>samba-tool spn list squid1-service <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>squid1-service<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>User


CN=squid1-service,OU=Service-Accounts,OU=XXXX,DC=XXXXX,DC=XXXX,DC=XX has the


following servicePrincipalName:<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>         HTTP/proxy.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>         <a


href="mailto:HTTP/proxy.internal.domain.tld@YOUR.REALM.T">HTTP/proxy.internal.domain.tld@YOUR.REALM.T</a><o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Now i changed my UPN from username@internal.domain.tld


 to the (SPN name)   <a href="mailto:HTTP/proxyserver.internal.domain.tld@REALM">HTTP/proxyserver.internal.domain.tld@REALM</a>


<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Solved my initial problem. <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>This should be in my optionion be changed


to search for the SPN in ext_kerberos_ldap_group.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Now i have LDAPS messages, see below, im


adding the _ldaps SRV records now ,but i dont get why im getting : <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Set certificate file for ldap server to


/etc/ssl/certs/cert.pem.(Changeable through setting environment variable TLS_CACERTFILE)<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Im already having : TLS_CACERT     


/etc/ssl/certs/ca-certificates.crt <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Which contains the needed certs.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Did i find 2 small bugs here?  <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Or is this a “Debian” related


thing? <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>Debug output. <o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>/usr/lib/squid3/ext_kerberos_ldap_group_acl


-g internet-mail@YOUR.REALM.TLD -D YOUR.REALM.TLD -N internet-mail@NTDOMAIN -s


-i -d<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>kerberos_ldap_group.cc(278): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: INFO: Starting version 1.3.1sq<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_group.cc(382): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: INFO: Group list


internet-mail@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_group.cc(447): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: INFO: Group internet-mail  Domain


YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_netbios.cc(83): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: DEBUG: Netbios list


internet-mail@NTDOMAIN<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_netbios.cc(156): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: DEBUG: Netbios name internet-mail 


Domain NTDOMAIN<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_lserver.cc(82): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: DEBUG: ldap server list NULL<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_lserver.cc(86): pid=6902


:2016/08/24 16:10:07| kerberos_ldap_group: DEBUG: No ldap servers defined.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>testuser internet-mail<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>kerberos_ldap_group.cc(371): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: INFO: Got User: testuser set default


domain: YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>kerberos_ldap_group.cc(376): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: INFO: Got User: testuser Domain:


YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_member.cc(63): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: User domain loop:


group@domain internet-mail@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_member.cc(65): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Found group@domain


internet-mail@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(898): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Setup Kerberos credential cache<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(127): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set credential cache to


MEMORY:squid_ldap_6902<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(138): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Get default keytab file name<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(144): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Got default keytab file name


/etc/squid/keytab.PROXYSERVER-HTTP<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(158): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Get principal name from keytab


/etc/squid/keytab.PROXYSERVER-HTTP<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(169): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Keytab entry has realm name: YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(181): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Found principal name:


HTTP/proxy.internal.domain.tld@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(196): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Got principal name


HTTP/proxy.internal.domain.tld@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_krb5.cc(260): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Stored credentials<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(927): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Initialise ldap connection<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(931): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Enable SSL to ldap servers<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(933): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Canonicalise ldap server name for domain


YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(289): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: ERROR: Error while resolving service


record _ldaps._tcp.YOUR.REALM.TLD with res_search<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(71): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: ERROR: res_search: Unknown service


record: _ldaps._tcp.YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(379): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved SRV


_ldap._tcp.YOUR.REALM.TLD record to samba-dc2.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(379): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved SRV


_ldap._tcp.YOUR.REALM.TLD record to samba-dc1.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(207): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved address 1 of


YOUR.REALM.TLD to samba-dc1.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(207): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved address 2 of


YOUR.REALM.TLD to samba-dc1.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(207): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved address 3 of


YOUR.REALM.TLD to samba-dc1.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(207): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved address 4 of


YOUR.REALM.TLD to samba-dc2.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(207): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Resolved address 5 of YOUR.REALM.TLD to


samba-dc2.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(207): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Resolved address 6 of


YOUR.REALM.TLD to samba-dc2.internal.domain.tld<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(407): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Adding YOUR.REALM.TLD to list<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(443): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Sorted ldap server names for


domain YOUR.REALM.TLD:<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(445): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Host:


samba-dc1.internal.domain.tld Port: 389 Priority: 0 Weight: 100<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(445): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Host: samba-dc2.internal.domain.tld


Port: 389 Priority: 0 Weight: 100<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_resolv.cc(445): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Host: YOUR.REALM.TLD Port: -1


Priority: -2 Weight: -2<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(942): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Setting up connection to ldap server


samba-dc1.internal.domain.tld:389<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(786): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set SSL defaults<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(531): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Enable server certificate check for ldap


server.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(544): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set certificate file for ldap server to


/etc/ssl/certs/cert.pem.(Changeable through setting environment variable TLS_CACERTFILE)<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(800): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: Error while setting start_tls for ldap


server: Can't contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(953): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_sasl.cc(276): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't


contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(957): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: Error while binding to ldap server with


SASL/GSSAPI: Can't contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(942): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Setting up connection to ldap server


samba-dc2.internal.domain.tld:389<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(786): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set SSL defaults<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(531): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Enable server certificate check for ldap


server.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(544): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set certificate file for ldap server to


/etc/ssl/certs/cert.pem.(Changeable through setting environment variable


TLS_CACERTFILE)<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(800): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: Error while setting start_tls for ldap


server: Can't contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(953): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_sasl.cc(276): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't


contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(957): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: Error while binding to ldap server with


SASL/GSSAPI: Can't contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(942): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Setting up connection to ldap server


YOUR.REALM.TLD:389<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(786): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set SSL defaults<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(531): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Enable server certificate check for ldap


server.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(544): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Set certificate file for ldap server to


/etc/ssl/certs/cert.pem.(Changeable through setting environment variable


TLS_CACERTFILE)<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(800): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: Error while setting start_tls for ldap


server: Can't contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(953): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_sasl.cc(276): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't


contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(957): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: ERROR: Error while binding to ldap server with


SASL/GSSAPI: Can't contact LDAP server<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(979): pid=6902 :2016/08/24


16:10:12| kerberos_ldap_group: DEBUG: Error during initialisation of ldap


connection: No such file or directory<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_ldap.cc(1048): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Error during initialisation


of ldap connection: No such file or directory<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_member.cc(76): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: INFO: User testuser is not member of


group@domain internet-mail@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_member.cc(91): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Default domain loop:


group@domain internet-mail@YOUR.REALM.TLD<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'>support_member.cc(119): pid=6902


:2016/08/24 16:10:12| kerberos_ldap_group: DEBUG: Default group loop:


group@domain <a href="mailto:internet-mail@YOUR.REALM.TLD">internet-mail@YOUR.REALM.TLD</a><o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:


10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


</div>


</body>


</html>