<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.E-mailStijl17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 63.65pt 2.0cm 63.65pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I noticed a problem in kerberos_ldap_group and I'm unable
to get it working. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I also reported the bug here:
https://github.com/squid-cache/squid/issues/17 <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Environment: Debian Jessie, Squid 3.5.24 Debian rebuild from
Debian Stretch.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>kerberos_ldap_group: INFO: Starting version 1.3.1sq<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>First: the Kerberos group goes wrong with the SRV record
detection. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>A and PTR records are in place and tested.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>And a check on the SRV records shows:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>dig SRV _ldap._tcp.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>;; ANSWER SECTION:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>_ldap._tcp.internal.domain.tld. 900 IN SRV 5 100 636
dc1.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>_ldap._tcp.internal.domain.tld. 900 IN SRV 5 100 636
dc2.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>_ldap._tcp.internal.domain.tld. 900 IN SRV 10 100 389
dc1.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>_ldap._tcp.internal.domain.tld. 900 IN SRV 10 100 389
dc2.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>;; AUTHORITY SECTION:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>dig SRV _ldaps._tcp.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>;; ANSWER SECTION:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>_ldaps._tcp.internal.domain.tld. 900 IN SRV 0 100 636
dc1.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>_ldaps._tcp.internal.domain.tld. 900 IN SRV 0 100 636
dc2.internal.domain.tld.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>;; AUTHORITY SECTION:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>But the debug log shows (cache.log):<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(407): pid=15718 :2017/02/20 08:24:03|
kerberos_ldap_group: DEBUG: Adding internal.domain.tld to list<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(443): pid=15718 :2017/02/20 08:24:03|
kerberos_ldap_group: DEBUG: Sorted ldap server names for domain
INTERNAL.DOMAIN.TLD:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=15718 :2017/02/20 08:24:03|
kerberos_ldap_group: DEBUG: Host: dc1.internal.domain.tld Port: 636 Priority: 5
Weight: 100 <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=15718 :2017/02/20 08:24:03|
kerberos_ldap_group: DEBUG: Host: dc2.internal.domain.tld Port: 389 Priority: 5
Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=15718 :2017/02/20 08:24:03|
kerberos_ldap_group: DEBUG: Host: dc1.internal.domain.tld Port: 636 Priority:
10 Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=15718 :2017/02/20 08:24:03|
kerberos_ldap_group: DEBUG: Host: dc2.internal.domain.tld Port: 389 Priority:
10 Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Wrong order in the debug output.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The hostnames and priorities change, and this changes
randomly at every startup. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I don't know if this is the cause of my problem, that's why I'm
asking here. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>So I'm trying to get my Kerberos group checks working, but
still no go and I just don't see what the problem is.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The Kerberos auth I use, which works fine:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>auth_param negotiate program
/usr/lib/squid/negotiate_wrapper_auth \<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> --kerberos /usr/lib/squid/negotiate_kerberos_auth -s
HTTP/proxy2.internal.domain.tld@REALM \<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego
--domain=NTDOM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The kerberos_ldap_group line which I'm trying to get working:
<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>external_acl_type memberof-test-group ipv4 %LOGIN /usr/lib/squid/ext_kerberos_ldap_group_acl
-d -i -m 4 \<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> -g test-group \<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> -N NTDOM@REALM \<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> -D REALM \<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> -S
dc1.internal.domain.tld@REALM:dc2.internal.domain.tld@REALM <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>acl test-group external memberof-test-group<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>And in my config I have, as a test: <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>http_access deny test-group<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I also tried with -g test-group@ and -g
test-group@@REALM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>This is the debug part of the kerberos group auth when
starting squid. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>kerberos_ldap_group.cc(376): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: INFO: Got User: testuser Domain: REALM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_member.cc(63): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: User domain loop: group@domain test-group@NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_member.cc(91): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Default domain loop: group@domain test-group@NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_member.cc(119): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Default group loop: group@domain test-group@NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_member.cc(121): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Found group@domain test-group@NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(898): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Setup Kerberos credential cache<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(127): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Set credential cache to MEMORY:squid_ldap_3420<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(138): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Get default keytab file name<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(144): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Got default keytab file name
/etc/squid/keytab.PROXY2-HTTP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(158): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Get principal name from keytab
/etc/squid/keytab.PROXY2-HTTP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(169): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Keytab entry has realm name: REALM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(181): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Found principal name:
HTTP/proxy2.internal.domain.tld@REALM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(196): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Got principal name
HTTP/proxy2.internal.domain.tld@REALM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_krb5.cc(260): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Stored credentials<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(927): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Initialise ldap connection<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(933): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Canonicalise ldap server name for domain REALM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(379): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.REALM record to
dc1.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(379): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.REALM record to
dc2.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(379): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.REALM record to
dc2.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(379): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.REALM record to
dc1.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(207): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved address 1 of REALM to
dc1.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(207): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved address 2 of REALM to
dc1.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(207): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved address 3 of REALM to
dc1.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(207): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved address 4 of REALM to
dc2.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(207): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved address 5 of REALM to
dc2.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(207): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Resolved address 6 of REALM to
dc2.internal.domain.tld<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(407): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Adding REALM to list<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(443): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Sorted ldap server names for domain REALM:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Host: dc2.internal.domain.tld Port: 389 Priority: 5
Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Host: dc1.internal.domain.tld Port: 636 Priority: 5
Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Host: dc2.internal.domain.tld Port: 389 Priority:
10 Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Host: dc1.internal.domain.tld Port: 636 Priority:
10 Weight: 100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Host: REALM Port: -1 Priority: -2 Weight: -2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(942): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Setting up connection to ldap server
dc2.internal.domain.tld:389<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(953): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_sasl.cc(276): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(957): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: Error while binding to ldap server with
SASL/GSSAPI: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(942): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Setting up connection to ldap server
dc1.internal.domain.tld:636<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(953): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_sasl.cc(276): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(957): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: Error while binding to ldap server with
SASL/GSSAPI: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(942): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Setting up connection to ldap server
dc2.internal.domain.tld:389<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(953): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_sasl.cc(276): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(957): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: Error while binding to ldap server with
SASL/GSSAPI: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(942): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Setting up connection to ldap server
dc1.internal.domain.tld:636<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(953): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_sasl.cc(276): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(957): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: Error while binding to ldap server with
SASL/GSSAPI: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(942): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Setting up connection to ldap server REALM:389<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(953): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_sasl.cc(276): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(957): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: ERROR: Error while binding to ldap server with
SASL/GSSAPI: Local error<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(979): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Error during initialisation of ldap connection:
Success<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_ldap.cc(1048): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: Error during initialisation of ldap connection:
Success<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>support_member.cc(132): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: INFO: User testuser is not member of group@domain
test-group@NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>kerberos_ldap_group.cc(411): pid=3420 :2017/02/21 10:24:35|
kerberos_ldap_group: DEBUG: ERR<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I use Samba4 AD DCs. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The ssl certs are tested and correct, ssl BUMP is running
and works fine. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The ssl root-CA is also in place and also published to the
PCs. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>So I'm a bit lost now as to where to look or what I'm doing wrong
here. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Anyone any tips? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Greetz, <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Louis<o:p></o:p></span></font></p>
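<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Added example, not part of the original message: a small Python check that compares the SRV records from the dig answer with the helper's "Sorted ldap server names" debug lines and lists every host/port/priority combination the helper built that DNS never advertised. The function names are chosen for this example; the sample data is copied from the dig and cache.log output quoted above.</span></font></p>

```python
import re
from collections import Counter, namedtuple

Srv = namedtuple("Srv", "priority weight port host")

# Sample input copied from the message above: the dig answer for
# _ldap._tcp and the helper's sorted server list (cache.log, pid 3420).
DIG_ANSWER = """\
_ldap._tcp.internal.domain.tld. 900 IN SRV 5 100 636 dc1.internal.domain.tld.
_ldap._tcp.internal.domain.tld. 900 IN SRV 5 100 636 dc2.internal.domain.tld.
_ldap._tcp.internal.domain.tld. 900 IN SRV 10 100 389 dc1.internal.domain.tld.
_ldap._tcp.internal.domain.tld. 900 IN SRV 10 100 389 dc2.internal.domain.tld.
"""

HELPER_LOG = """\
support_resolv.cc(443): pid=3420 :2017/02/21 10:24:35| kerberos_ldap_group: DEBUG: Sorted ldap server names for domain REALM:
support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35| kerberos_ldap_group: DEBUG: Host: dc2.internal.domain.tld Port: 389 Priority: 5 Weight: 100
support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35| kerberos_ldap_group: DEBUG: Host: dc1.internal.domain.tld Port: 636 Priority: 5 Weight: 100
support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35| kerberos_ldap_group: DEBUG: Host: dc2.internal.domain.tld Port: 389 Priority: 10 Weight: 100
support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35| kerberos_ldap_group: DEBUG: Host: dc1.internal.domain.tld Port: 636 Priority: 10 Weight: 100
support_resolv.cc(445): pid=3420 :2017/02/21 10:24:35| kerberos_ldap_group: DEBUG: Host: REALM Port: -1 Priority: -2 Weight: -2
"""

# dig answer line: owner, TTL, IN, SRV, priority, weight, port, target
DIG_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")
# helper debug line: Host, Port, Priority, Weight (negative values occur)
HELPER_RE = re.compile(
    r"Host:\s*(\S+)\s+Port:\s*(-?\d+)\s+Priority:\s*(-?\d+)\s+Weight:\s*(-?\d+)"
)


def _host(name):
    """Normalise a DNS name: drop the trailing dot, compare case-insensitively."""
    return name.rstrip(".").lower()


def parse_dig_srv(text):
    """Return the SRV records found in a dig ANSWER SECTION."""
    records = []
    for line in text.splitlines():
        m = DIG_RE.match(line.strip())
        if m:
            prio, weight, port, host = m.groups()
            records.append(Srv(int(prio), int(weight), int(port), _host(host)))
    return records


def parse_helper_list(text):
    """Return the entries of the helper's sorted server list, in log order."""
    entries = []
    for m in HELPER_RE.finditer(text):
        host, port, prio, weight = m.groups()
        entries.append(Srv(int(prio), int(weight), int(port), _host(host)))
    return entries


def audit(dns, helper):
    """Compare what DNS advertised with what the helper will try to use."""
    fallback = [s for s in helper if s.port < 0]   # e.g. "Host: REALM Port: -1"
    real = [s for s in helper if s.port >= 0]
    not_in_dns = sorted((Counter(real) - Counter(dns)).elements())
    missing = sorted((Counter(dns) - Counter(real)).elements())
    # For each unmatched helper entry, show the port DNS gave for the
    # same host and priority: (host, priority, dns_port, helper_port).
    port_changed = [
        (s.host, s.priority, d.port, s.port)
        for s in not_in_dns
        for d in dns
        if d.host == s.host and d.priority == s.priority
    ]
    return {
        "not_in_dns": not_in_dns,
        "missing_from_helper": missing,
        "port_changed": port_changed,
        "fallback": fallback,
    }


if __name__ == "__main__":
    report = audit(parse_dig_srv(DIG_ANSWER), parse_helper_list(HELPER_LOG))
    for key, rows in report.items():
        print(key)
        for row in rows:
            print("   ", row)
```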
</div>
</body>
</html>