Saludos listeros Tengo el siguiente problema, estoy tratando de vincular squid con kerberos pero a la hora de chequear los grupos me esta dando el siguiente error, al parecer el deshabilita el certificado ssl para interactuar con el ldap sobre ssl, este certificado esta importado a la lista de certificados del proxy y el servicio ldap sobre ssl esta corriendo sobre el controlador de dominio que es Zentyal, alguien me puede dar un norte de que esta sucediendo?
root@proxy3:/usr/lib/squid# ./ext_kerberos_ldap_group_acl -d -a -g correo-exte...@dominio.cu -D DOMINIO.CU -s -i kerberos_ldap_group.cc(278): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: INFO: Starting version 1.3.1sq support_group.cc(382): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: INFO: Group list correo-exte...@dominio.cu support_group.cc(447): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: INFO: Group Correo-Externo Domain DOMINIO.CU support_netbios.cc(83): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: DEBUG: Netbios list NULL support_netbios.cc(87): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: DEBUG: No netbios names defined. support_lserver.cc(82): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: DEBUG: ldap server list NULL support_lserver.cc(86): pid=19770 :2018/12/21 09:24:04| kerberos_ldap_group: DEBUG: No ldap servers defined. usuario kerberos_ldap_group.cc(371): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: INFO: Got User: usuario set default domain: DOMINIO.CU kerberos_ldap_group.cc(376): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: INFO: Got User: usuario Domain: DOMINIO.CU support_member.cc(63): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: User domain loop: group@domain correo-exte...@dominio.cu support_member.cc(65): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Found group@domain correo-exte...@dominio.cu support_ldap.cc(898): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Setup Kerberos credential cache support_krb5.cc(127): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Set credential cache to MEMORY:squid_ldap_19770 support_krb5.cc(138): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Get default keytab file name support_krb5.cc(144): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Got default keytab file name /etc/squid/squid3.keytab support_krb5.cc(158): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Get principal name from keytab /etc/squid/squid3.keytab support_krb5.cc(169): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Keytab entry has realm name: DOMINIO.CU support_krb5.cc(181): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Found principal name: HTTP/proxy3.dominio...@dominio.cu support_krb5.cc(196): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Got principal name HTTP/proxy3.dominio...@dominio.cu support_krb5.cc(260): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Stored credentials support_ldap.cc(927): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Initialise ldap connection support_ldap.cc(931): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Enable SSL to ldap servers support_ldap.cc(933): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Canonicalise ldap server name for domain DOMINIO.CU support_resolv.cc(379): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Resolved SRV _ldaps._tcp.DOMINIO.CU record to dc.DOMINIO.CU support_resolv.cc(207): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Resolved address 1 of DOMINIO.CU to dc.DOMINIO.CU support_resolv.cc(207): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Resolved address 2 of DOMINIO.CU to dc.DOMINIO.CU support_resolv.cc(207): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Resolved address 3 of DOMINIO.CU to dc.DOMINIO.CU support_resolv.cc(407): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Adding DOMINIO.CU to list support_resolv.cc(443): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Sorted ldap server names for domain DOMINIO.CU: support_resolv.cc(445): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Host: dc.DOMINIO.CU Port: 636 Priority: 100 Weight: 100 support_resolv.cc(445): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Host: DOMINIO.CU Port: -1 Priority: -2 Weight: -2 support_ldap.cc(942): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Setting up connection to ldap server dc.DOMINIO.CU:636 support_ldap.cc(786): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Set SSL defaults support_ldap.cc(554): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Disable server certificate check for ldap server. support_ldap.cc(800): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: ERROR: Error while setting start_tls for ldap server: Operations error support_ldap.cc(953): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI support_sasl.cc(276): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Local error support_ldap.cc(957): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: ERROR: Error while binding to ldap server with SASL/GSSAPI: Local error support_ldap.cc(979): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Error during initialisation of ldap connection: Transport endpoint is not connected support_ldap.cc(1048): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Error during initialisation of ldap connection: Transport endpoint is not connected support_member.cc(76): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: INFO: User usuario is not member of group@domain correo-exte...@dominio.cu support_member.cc(91): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Default domain loop: group@domain correo-exte...@dominio.cu support_member.cc(119): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: Default group loop: group@domain correo-exte...@dominio.cu ERR kerberos_ldap_group.cc(411): pid=19770 :2018/12/21 09:24:07| kerberos_ldap_group: DEBUG: ERR _______________________________________________ Gutl-l mailing list -- gutl-l@listas.jovenclub.cu To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu
