Hi
1) 1.2.1a is just a minor patch version to 1.2.1.
2) This happens only when you use the -d debug option
3) You can use the options -u BIND_DN -p BIND_PW -b BIND_PATH -l LDAP_URL
4) If they have different access needs then that is the only way. If they
have the same access right you can use -g
inetgrl...@mailserver.v.local:inetgrl...@mailserver.v.local:inetgrl...@mailserver.v.local
Regards
Markus
----- Original Message -----
From: "GIGO ." <gi...@msn.com>
To: "squidsuperuser2" <hua...@moeller.plus.com>; "SquidHelp"
<squid-users@squid-cache.org>
Sent: Thursday, July 01, 2010 11:31 AM
Subject: RE: [squid-users] Re: Re: Re: squid_kerb_auth (parseNegTokenInit
failed with rc=102)
Dear Markus,
Thank you so much for your help as i diagnosed the problem back to
KRB5_KTNAME not exported properly through my startup script. For the
completion sake and your analysis i have appended the cache.log at the
bottom.
Please i have few queries:
1. I am using squid_kerb_ldap version 1.2.1a as per your recommendation and
which is the latest but is the "a" in 1.2.1(a) means alpha. Can i use this
latest version in the production or i should switch back to 1.2.1.
2. i have just figured out that squid_kerb_ldap gets all the groups for a
user in question even if the first group it find matches. Is this the normal
behaviour?
3. Is there a way to bind to a specific or multiple(chosen) ldap servers
rather than using DNS. (what is the syntax and how)
4. As i have different categories of users so i had defined the following
directives. Is it ok to do this way as it does not look very neet to me and
looks like squid_kerb_ldap being called redundantly.
-------------------------------------Portion of
squid.conf---------------------
auth_param negotiate program
/usr/libexec/squid/squid_kerb_auth/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
# basic auth ACL controls to make use of it are.(if and only if
squid_kerb_ldap(authorization) is not used)
#acl auth proxy_auth REQUIRED
#http_access deny !auth
#http_access allow auth
#Groups fom Mailserver Domain:
external_acl_type squid_kerb_ldap_msgroup1 ttl=3600 negative_ttl=3600
%LOGIN /usr/libexec/squid/squid_kerb_ldap -g inetgrl...@mailserver.v.local
external_acl_type squid_kerb_ldap_msgroup2 ttl=3600 negative_ttl=3600
%LOGIN /usr/libexec/squid/squid_kerb_ldap -g inetgrl...@mailserver.v.local
external_acl_type squid_kerb_ldap_msgroup3 ttl=3600 negative_ttl=3600
%LOGIN /usr/libexec/squid/squid_kerb_ldap -g inetgrl...@mailserver.v.local
acl msgroup1 external squid_kerb_ldap_msgroup1
acl msgroup2 external squid_kerb_ldap_msgroup2
acl msgroup3 external squid_kerb_ldap_msgroup3
http_access deny msgroup2 msn
http_access deny msgroup3 msn
http_access deny msgroup2 ym
http_access deny msgroup3 ym
###----Most Restricted settings Exclusive for Normal users......###
http_access deny msgroup3 Movies
http_access deny msgroup3 downloads
http_access deny msgroup3 torrentSeeds
http_access deny all
