My Kerberos Authentication doesn't work. This is very hard! My Squid3 is join in the Domain kinit and klist are ok wbinfo -g and wbinfo -u are ok too.
I have created the squid3 file in /etc/default with the following content: KRB5_KTNAME=/etc/squid3/HTTP.keytab export KRB5_KTNAME I have two keytab files: /etc/krb5.keytab and /etc/squid3/HTTP.keytab (both are identical) I have installed libsasl2-modules-gssapi-mit libsasl2-modules packages because my Squid server is Debian 8. But I didn't use msktutil tool. I have only joined Squid server in the Domain (net ads join -U administrator) How can I debbug the problem? How can I test kerberos authentication in terminal (command line)? Below is my squid.conf file: ### Configuracoes Basicas cache_mgr administra...@empresa.com.br http_port 3128 #debug_options ALL,111,2 29,9 84,6 cache_mem 512 MB cache_swap_low 80 cache_swap_high 90 maximum_object_size 512 MB minimum_object_size 0 KB maximum_object_size_in_memory 4096 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA #Para não bloquear downloads quick_abort_min -1 KB #Resolve um problema com conexoes persistentes detect_broken_pconn on fqdncache_size 1024 ### Parametros de atualizacao da memoria cache refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 ### Localizacao dos logs access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log ### define a localizacao do cache de disco, tamanho, qtd de diretorios pai e subdiretorios cache_dir aufs /var/spool/squid3 600 16 256 auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/proxy.empresa.com...@empresa.com.br auth_param negotiate children 20 auth_param negotiate keep_alive on visible_hostname proxy.empresa.com.br ### acls #acl manager proto cache_object acl localhost src 192.168.200.7/32 acl to_localhost dst 192.168.200.7/32 acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, zimbra, webmin acl Safe_ports port 21 # ftp acl Safe_ports port 70 # gopher acl Safe_ports port 80 # http acl Safe_ports port 88 # kerberos acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 389 # ldap acl Safe_ports port 443 # https acl Safe_ports port 488 # gss-http acl Safe_ports port 563 # snews acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 3001 # imprenssa nacional acl Safe_ports port 8080 # http acl Safe_ports port 1025-65535 # unregistered ports acl purge method PURGE acl CONNECT method CONNECT ### Regras iniciais do Squid http_access allow localhost http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports ### Exige autenticacao acl autenticados proxy_auth REQUIRED http_access allow autenticados ### Rede do Local ##### acl rede_local src 192.168.200.0/22 ### Nega acesso de quem nao esta na rede local http_access allow rede_local #negando o acesso para todos que nao estiverem nas regras anteriores http_access deny all ### Erros em portugues error_directory /usr/share/squid3/errors/pt-br #cache_effective_user proxy coredump_dir /var/spool/squid3 Regards, Márcio
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
