Comments on: Integrating Active Directory and Squid3 http://michele.pupazzo.org/diary/?p=491 Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est. Mon, 16 Aug 2010 13:52:03 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: DHG http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-933 DHG Tue, 02 Feb 2010 17:30:13 +0000 http://michele.pupazzo.org/diary/?p=491#comment-933 Michele, most useful and informative, helped my to use squid3 with Mit KDC on my Fedora 12. Worked like a charm. --dhg Michele,

most useful and informative, helped my to use squid3 with Mit KDC on my Fedora 12.
Worked like a charm.

–dhg

]]> By: Michele Baldessari http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-853 Michele Baldessari Sun, 22 Nov 2009 22:27:31 +0000 http://michele.pupazzo.org/diary/?p=491#comment-853 Declan & Khusil, to be sure I'd strace the squid process and then look for the Permission denied string. My bets are that the squid process can't read the keytab. hth, Michele Declan & Khusil,

to be sure I’d strace the squid process and then look for the Permission denied string. My bets are that the squid process can’t read the keytab.

hth,
Michele

]]> By: Declan Caffrey http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-848 Declan Caffrey Wed, 18 Nov 2009 09:52:57 +0000 http://michele.pupazzo.org/diary/?p=491#comment-848 Khusil, I'm getting the same messages, just wondering if you resolved your issues and if so what was the resolution Khusil,
I’m getting the same messages, just wondering if you resolved your issues and if so what was the resolution

]]> By: Khushil Dep http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-806 Khushil Dep Thu, 15 Oct 2009 15:17:24 +0000 http://michele.pupazzo.org/diary/?p=491#comment-806 I'm seeing the following in the logs: 2009/10/15 16:15:51| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied 2009/10/15 16:15:51| squid_kerb_auth: Got 'YR YIIFOQYGKwYBBQUCoIIFLTCCBSmgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBP8EggT7YIIE9wYJKoZIhvcSAQICAQBuggTmMIIE4qADAgEFoQMCAQ6iBwMFACAAAACjggQKYYIEBjCCBAKgAwIBBaETGxFCT1VOVFlHUk9VUC5MT0NBTKIuMCygAwIBAqElMCMbBEhUVFAbG2diLXJlYXZlci5ib3VudHlncm91cC5sb2NhbKOCA7QwggOwoAMCARehAwIBCqKCA6IEggOeRyRLZH50l4DcHCj3HnNLYvvByOGip8DxV0oQxZjLbe+CGGP/DwXx2miFBHazkLMHaskU3lLkpEo3BBeHMFg7N/zNnjvUCxgvlklSucKMP1grddgL3ud15DeY5MeHkgmh7a31bcKRnAnaqfEL8vreqQlPitkLvW6ub6wMdMvBz2kpSlV4bGsBACJI8Mais2i2yOt/f/rrW+Vd8Oaio2cNSegnwdE9ZDeDBStcHzCnu+FytgYa/67GZdGgQxtjxew7dPqTUV0U2j7hU1j6gjkP0w3qS5LkKFflcbzhEhCNJf7uULUWl8EXFfuBbYjmvxit2jcgUwIdk2BRln7wyR2jG03OJ3MDYMjq20Ug1wEj+F9sAce/vifxGh8hZ4SKoJk5bejaKwcHZoLnzDo+oTZVJfJiBNLI/9yF3jXeLW7iAGRaKzv9ZqjUpqHko+xhYBM8Pk0fZrmbe8c2KEYjBpIrLH3/hXKtzj8oIyafWeEG+4VGJLtmBUNY0T4NEJ02EqpDQJTDzmQsG/JoQBL0RudwDgmJg4hXjXzZwfEgTuhO+MPldmZUlg/NeOxeAmvV1XDBuLPoHAF2Z2S9M7ChYvunzCmko34zd2fBwvk56AT8+NROknDN9UJtyMCO+OQDthtkKjmwYMwlAtFF1ytq1qkAqvAgj3xQz9tydDBpr5eMIxH/iGvmFrQhMJaHpEBFO6oQdN1+6HSnwhXowN2A4IQS8nC9znpqRCLvdOBp/wzz1GiUeWgodhYqP0q0qcUqFpRTsEHyesDzIL1ZzsR5Wtk+CtEXEx/UXaLKBsn50UhPYlShRLn5362q6inDIv8BZlm1QUdnLHqoh8PJGlINVk3ULTy4Kam7e+U1+hlSIdA+5KiQonUgttl//rne5BdVPNpL5z7Y4Y18mWWnedlI0uugYG36YAXinybXMLC5iYmxYVgmWjyHRt5MSj8DzUg9/+Fb7yQC/xbLscJWQ3U7L6kp21BV+7FD27rT+298rmDlJ+R0MOBWWybY8Ytd8qUVXsTuO1OylLs+UxsnrCtiF1yse75yeI3nFhj4Vr8HHomsrcQ6LaG9cYQZMU7LsLMn2Z8uyZTDv/NdsK0L0bsvzyFLDC2xotEIZSaFS/HVZED20Mi+luuiE6IlEP0wNfcv5IkhBEljY1qIqdW5Ce9O4oKRm1Rftg3xxhUDzkQs6lJwNg3xmEs3HqKbE6QmuHFQd7LjkDKtxRuPY7MZBB8dIwekgb4wgbugAwIBF6KBswSBsHwVE2gZjlZgAMwx80EAtjo3tih2YRWUQgiK8W4d4WcV+CtRUcX26Btu7SctKRTNklmFRXhsOfpSEVBBmd3gN/cjsexKTy1koTKnjtfAGsqIeuhKY5/mE1HsrBhvkCZGyDWKopyV7TYr00ZJeq43JOa/r9N7jX9IZ3KuazZVv8wTldWFqXGicD7rwr1myAVbRkM0vFIWHTT/JkYRpA+5/3EKdRNlbjD4Rtz+6fNCi1w3' from squid (length: 1791). 2009/10/15 16:15:51| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied 2009/10/15 16:15:52| squid_kerb_auth: Got 'YR YIIFOQYGKwYBBQUCoIIFLTCCBSmgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBP8EggT7YIIE9wYJKoZIhvcSAQICAQBuggTmMIIE4qADAgEFoQMCAQ6iBwMFACAAAACjggQKYYIEBjCCBAKgAwIBBaETGxFCT1VOVFlHUk9VUC5MT0NBTKIuMCygAwIBAqElMCMbBEhUVFAbG2diLXJlYXZlci5ib3VudHlncm91cC5sb2NhbKOCA7QwggOwoAMCARehAwIBCqKCA6IEggOeJHdU0WS1bHm6MI7/6km7E3Nqn5WnTMwtUDx0pNwTESBFVY/Ivmw5vVBAQkvRZ6Q7uaqgSV+oO0SVVp1S/JQLtCqLhVCQtnU/Uq/47vaoaKs/0R+1Ycwo/Oe3Fu5JQY25IypIQiSA0cpoNzAxPIqucIhjoypvXzCa49jJtZWswDkpzbY4XZq3LbU9XIz5XXM/VIgGgLvyjaeInHdHrnf7ebAjCu0uUD50PFJZilHfrhXL1ml9UAUUV5Gi2c9kBHsNxlx2s6oOYI7zh5+uxWCN7rvIjrPuAxGleoYIx0VbjXnuoJrnRpI3EsGvJpzxbCQ5cPCiSJ30WoBQ+XB7g+3RGUEx4b3iBat4Yv0Jt0iotYbT74KYEzEHsGU82lKglqlfr0Wrt4j4SK13rHzdxdLRE8BNvEkQsOjfzq0qt8cmvboB+VvvFdEVaJJR4Q7A2RgB3utM99o6+WoTarlerIkbivZlxd5Vk0l9zbUt54/JCt2JHCjYs8MVIlWWzNfX3BmIFYp3Fh7/xhKNbRJxrnT5zblwpl+pIU0YTssvzwgh9ZNuvfIBgwuPZ5ixCAH8queGm8qMQ3Daq6hb5GmKtK0uXD2nFDdB4YrZ7lBRMqPpye7PoDzw47En/JCLNHZ2AuJenyydA2KG4KxAVWreeZngRJfjjohmQJQ4zStcE7BhgHR4HWMgMvvBJR9+myPJ1F89EcYQ+SngjYfWz6/Ckan4DZM9YACVlNhaM7HFQdl89eFvxYX9RYiiA5egZB77fq4MasNVgNsN3EvO46p4zg1XrJT0P40ALHxOMb+iz+Q2W1TB8qyJKxl+Jas4nsZzaEKJnjM1IgxZHWdAGSUmSyf8AyI4bYmRpbbY+by0GCDq8sogleWeORIxLYGdPdHDozLFdzusUCMBLI6+IQcDDAvF6xkaSypEVZQ6q+fa42txyzb/eh22tFMAMl+aBAEOqGp10kzxD3iYyIQDWg5vyuxWJ4Pl+6fauD89deROZlGIjVxEu7FroWWwg/JrVw3G8MnI7TSHN9iLNdEsQT5ZzJ/+oLmYPLQqD5HBNk9PN7lyq+ghBs1adIwFEGbWJkg1YY9AV9KlwI6mMuLeJ9F3i2ldRVjUi8QS86ybIpQ9/k4/p+1BiVbLCYAbMy9UMdnOOKL7nfER3gXGBAxqsVckWOlEtYogSfRvtkwuEX1sDsHVAETSqy99vpTuKcyUsxyg5Vac6XVNiVGe9kHq8cp1fO6kgb4wgbugAwIBF6KBswSBsLksBNH2FFcgThBWw1Sc9n2419KUT9cuQyfCN32oikXxKmBnUNw5qdjRa3Ssqx7oor6LHRraqWyIWkCBkXIszNEs+Rmol6grsrFQKpVAd8hDCVe53tpICNzRwVtjL0XOjePokAMv1QRP4CaeDx88cJkEeVu8lNpn660cAlwJMzeZ0SXpahqOgGv1XwKltnaXcCz/V6paaC7vR2brJv34zAwq/CSKepSetDLDPYm+wJ8I' from squid (length: 1791). 2009/10/15 16:15:52| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied I’m seeing the following in the logs:

2009/10/15 16:15:51| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied
2009/10/15 16:15:51| squid_kerb_auth: Got ‘YR YIIFOQYGKwYBBQUCoIIFLTCCBSmgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBP8EggT7YIIE9wYJKoZIhvcSAQICAQBuggTmMIIE4qADAgEFoQMCAQ6iBwMFACAAAACjggQKYYIEBjCCBAKgAwIBBaETGxFCT1VOVFlHUk9VUC5MT0NBTKIuMCygAwIBAqElMCMbBEhUVFAbG2diLXJlYXZlci5ib3VudHlncm91cC5sb2NhbKOCA7QwggOwoAMCARehAwIBCqKCA6IEggOeRyRLZH50l4DcHCj3HnNLYvvByOGip8DxV0oQxZjLbe+CGGP/DwXx2miFBHazkLMHaskU3lLkpEo3BBeHMFg7N/zNnjvUCxgvlklSucKMP1grddgL3ud15DeY5MeHkgmh7a31bcKRnAnaqfEL8vreqQlPitkLvW6ub6wMdMvBz2kpSlV4bGsBACJI8Mais2i2yOt/f/rrW+Vd8Oaio2cNSegnwdE9ZDeDBStcHzCnu+FytgYa/67GZdGgQxtjxew7dPqTUV0U2j7hU1j6gjkP0w3qS5LkKFflcbzhEhCNJf7uULUWl8EXFfuBbYjmvxit2jcgUwIdk2BRln7wyR2jG03OJ3MDYMjq20Ug1wEj+F9sAce/vifxGh8hZ4SKoJk5bejaKwcHZoLnzDo+oTZVJfJiBNLI/9yF3jXeLW7iAGRaKzv9ZqjUpqHko+xhYBM8Pk0fZrmbe8c2KEYjBpIrLH3/hXKtzj8oIyafWeEG+4VGJLtmBUNY0T4NEJ02EqpDQJTDzmQsG/JoQBL0RudwDgmJg4hXjXzZwfEgTuhO+MPldmZUlg/NeOxeAmvV1XDBuLPoHAF2Z2S9M7ChYvunzCmko34zd2fBwvk56AT8+NROknDN9UJtyMCO+OQDthtkKjmwYMwlAtFF1ytq1qkAqvAgj3xQz9tydDBpr5eMIxH/iGvmFrQhMJaHpEBFO6oQdN1+6HSnwhXowN2A4IQS8nC9znpqRCLvdOBp/wzz1GiUeWgodhYqP0q0qcUqFpRTsEHyesDzIL1ZzsR5Wtk+CtEXEx/UXaLKBsn50UhPYlShRLn5362q6inDIv8BZlm1QUdnLHqoh8PJGlINVk3ULTy4Kam7e+U1+hlSIdA+5KiQonUgttl//rne5BdVPNpL5z7Y4Y18mWWnedlI0uugYG36YAXinybXMLC5iYmxYVgmWjyHRt5MSj8DzUg9/+Fb7yQC/xbLscJWQ3U7L6kp21BV+7FD27rT+298rmDlJ+R0MOBWWybY8Ytd8qUVXsTuO1OylLs+UxsnrCtiF1yse75yeI3nFhj4Vr8HHomsrcQ6LaG9cYQZMU7LsLMn2Z8uyZTDv/NdsK0L0bsvzyFLDC2xotEIZSaFS/HVZED20Mi+luuiE6IlEP0wNfcv5IkhBEljY1qIqdW5Ce9O4oKRm1Rftg3xxhUDzkQs6lJwNg3xmEs3HqKbE6QmuHFQd7LjkDKtxRuPY7MZBB8dIwekgb4wgbugAwIBF6KBswSBsHwVE2gZjlZgAMwx80EAtjo3tih2YRWUQgiK8W4d4WcV+CtRUcX26Btu7SctKRTNklmFRXhsOfpSEVBBmd3gN/cjsexKTy1koTKnjtfAGsqIeuhKY5/mE1HsrBhvkCZGyDWKopyV7TYr00ZJeq43JOa/r9N7jX9IZ3KuazZVv8wTldWFqXGicD7rwr1myAVbRkM0vFIWHTT/JkYRpA+5/3EKdRNlbjD4Rtz+6fNCi1w3′ from squid (length: 1791).
2009/10/15 16:15:51| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied
2009/10/15 16:15:52| squid_kerb_auth: Got ‘YR YIIFOQYGKwYBBQUCoIIFLTCCBSmgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBP8EggT7YIIE9wYJKoZIhvcSAQICAQBuggTmMIIE4qADAgEFoQMCAQ6iBwMFACAAAACjggQKYYIEBjCCBAKgAwIBBaETGxFCT1VOVFlHUk9VUC5MT0NBTKIuMCygAwIBAqElMCMbBEhUVFAbG2diLXJlYXZlci5ib3VudHlncm91cC5sb2NhbKOCA7QwggOwoAMCARehAwIBCqKCA6IEggOeJHdU0WS1bHm6MI7/6km7E3Nqn5WnTMwtUDx0pNwTESBFVY/Ivmw5vVBAQkvRZ6Q7uaqgSV+oO0SVVp1S/JQLtCqLhVCQtnU/Uq/47vaoaKs/0R+1Ycwo/Oe3Fu5JQY25IypIQiSA0cpoNzAxPIqucIhjoypvXzCa49jJtZWswDkpzbY4XZq3LbU9XIz5XXM/VIgGgLvyjaeInHdHrnf7ebAjCu0uUD50PFJZilHfrhXL1ml9UAUUV5Gi2c9kBHsNxlx2s6oOYI7zh5+uxWCN7rvIjrPuAxGleoYIx0VbjXnuoJrnRpI3EsGvJpzxbCQ5cPCiSJ30WoBQ+XB7g+3RGUEx4b3iBat4Yv0Jt0iotYbT74KYEzEHsGU82lKglqlfr0Wrt4j4SK13rHzdxdLRE8BNvEkQsOjfzq0qt8cmvboB+VvvFdEVaJJR4Q7A2RgB3utM99o6+WoTarlerIkbivZlxd5Vk0l9zbUt54/JCt2JHCjYs8MVIlWWzNfX3BmIFYp3Fh7/xhKNbRJxrnT5zblwpl+pIU0YTssvzwgh9ZNuvfIBgwuPZ5ixCAH8queGm8qMQ3Daq6hb5GmKtK0uXD2nFDdB4YrZ7lBRMqPpye7PoDzw47En/JCLNHZ2AuJenyydA2KG4KxAVWreeZngRJfjjohmQJQ4zStcE7BhgHR4HWMgMvvBJR9+myPJ1F89EcYQ+SngjYfWz6/Ckan4DZM9YACVlNhaM7HFQdl89eFvxYX9RYiiA5egZB77fq4MasNVgNsN3EvO46p4zg1XrJT0P40ALHxOMb+iz+Q2W1TB8qyJKxl+Jas4nsZzaEKJnjM1IgxZHWdAGSUmSyf8AyI4bYmRpbbY+by0GCDq8sogleWeORIxLYGdPdHDozLFdzusUCMBLI6+IQcDDAvF6xkaSypEVZQ6q+fa42txyzb/eh22tFMAMl+aBAEOqGp10kzxD3iYyIQDWg5vyuxWJ4Pl+6fauD89deROZlGIjVxEu7FroWWwg/JrVw3G8MnI7TSHN9iLNdEsQT5ZzJ/+oLmYPLQqD5HBNk9PN7lyq+ghBs1adIwFEGbWJkg1YY9AV9KlwI6mMuLeJ9F3i2ldRVjUi8QS86ybIpQ9/k4/p+1BiVbLCYAbMy9UMdnOOKL7nfER3gXGBAxqsVckWOlEtYogSfRvtkwuEX1sDsHVAETSqy99vpTuKcyUsxyg5Vac6XVNiVGe9kHq8cp1fO6kgb4wgbugAwIBF6KBswSBsLksBNH2FFcgThBWw1Sc9n2419KUT9cuQyfCN32oikXxKmBnUNw5qdjRa3Ssqx7oor6LHRraqWyIWkCBkXIszNEs+Rmol6grsrFQKpVAd8hDCVe53tpICNzRwVtjL0XOjePokAMv1QRP4CaeDx88cJkEeVu8lNpn660cAlwJMzeZ0SXpahqOgGv1XwKltnaXcCz/V6paaC7vR2brJv34zAwq/CSKepSetDLDPYm+wJ8I’ from squid (length: 1791).
2009/10/15 16:15:52| squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied

]]> By: Khushil Dep http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-805 Khushil Dep Thu, 15 Oct 2009 15:15:14 +0000 http://michele.pupazzo.org/diary/?p=491#comment-805 Hi there, I've followed this tutorial and I'm seeing the following: gb-reaver:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: wakdep@BOUNTYGROUP.LOCAL Valid starting Expires Service principal 10/15/09 16:02:06 10/16/09 02:02:09 krbtgt/BOUNTYGROUP.LOCAL@BOUNTYGROUP.LOCAL renew until 10/16/09 02:02:06 gb-reaver:~# tail /var/log/squid3/ access.log cache.log store.log gb-reaver:~# tail /var/log/squid3/access.log 1255619426.937 0 10.4.4.211 TCP_DENIED/407 3089 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619429.164 0 10.4.4.211 TCP_DENIED/407 3192 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619432.461 0 10.4.4.211 TCP_DENIED/407 3192 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619440.400 2 10.4.4.211 TCP_DENIED/407 5024 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619447.557 0 10.4.4.211 TCP_DENIED/407 3192 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619451.240 0 10.4.4.211 TCP_DENIED/407 3137 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619451.246 0 10.4.4.211 TCP_DENIED/407 3240 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619457.105 0 10.4.4.211 TCP_DENIED/407 3240 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619464.663 2 10.4.4.211 TCP_DENIED/407 5022 GET http://www.bbc.co.uk/ - NONE/- text/html 1255619468.136 2 10.4.4.211 TCP_DENIED/407 5022 GET http://www.bbc.co.uk/ - NONE/- text/html It seems that no tickets are being created? Hi there,
I’ve followed this tutorial and I’m seeing the following:

gb-reaver:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: wakdep@BOUNTYGROUP.LOCAL

Valid starting Expires Service principal
10/15/09 16:02:06 10/16/09 02:02:09 krbtgt/BOUNTYGROUP.LOCAL@BOUNTYGROUP.LOCAL
renew until 10/16/09 02:02:06
gb-reaver:~# tail /var/log/squid3/
access.log cache.log store.log
gb-reaver:~# tail /var/log/squid3/access.log
1255619426.937 0 10.4.4.211 TCP_DENIED/407 3089 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619429.164 0 10.4.4.211 TCP_DENIED/407 3192 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619432.461 0 10.4.4.211 TCP_DENIED/407 3192 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619440.400 2 10.4.4.211 TCP_DENIED/407 5024 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619447.557 0 10.4.4.211 TCP_DENIED/407 3192 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619451.240 0 10.4.4.211 TCP_DENIED/407 3137 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619451.246 0 10.4.4.211 TCP_DENIED/407 3240 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619457.105 0 10.4.4.211 TCP_DENIED/407 3240 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619464.663 2 10.4.4.211 TCP_DENIED/407 5022 GET http://www.bbc.co.uk/ – NONE/- text/html
1255619468.136 2 10.4.4.211 TCP_DENIED/407 5022 GET http://www.bbc.co.uk/ – NONE/- text/html

It seems that no tickets are being created?

]]> By: Michele Baldessari http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-788 Michele Baldessari Wed, 07 Oct 2009 19:38:44 +0000 http://michele.pupazzo.org/diary/?p=491#comment-788 Hello Jorge, well you use samba in this case just to get the keytab updated for the squid service, for not much else. You have two options to make group authorization work : ldap scripts or using winbind. I have not tried any of these recently, but they both can be shoehorned to work. Maybe I'll spend a few evenings one day and complete the article with the group membership. hth, Michele Hello Jorge,

well you use samba in this case just to get the keytab updated for the squid service, for not much else. You have two options to make group authorization work : ldap scripts or using winbind. I have not tried any of these recently, but they both can be shoehorned to work. Maybe I’ll spend a few evenings one day and complete the article with the group membership.

hth,
Michele

]]> By: Jorge Medina http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-774 Jorge Medina Mon, 05 Oct 2009 05:18:57 +0000 http://michele.pupazzo.org/diary/?p=491#comment-774 Hi michele, I think this looks much better than NTML Auth (also using samba/kerberos) because when using NTLM agains AD you will see a TCP_DENIED connection for every client trying to browse a web page, this is because the challenge/response nature of NTML, this is really problematic for access reports :(. Do you know if you get the same behaivor using kerb auth directly on squid? and another thing, is there any support for group authorization? like wbinfo_group?. Best regards. Hi michele,

I think this looks much better than NTML Auth (also using samba/kerberos) because when using NTLM agains AD you will see a TCP_DENIED connection for every client trying to browse a web page, this is because the challenge/response nature of NTML, this is really problematic for access reports :( .

Do you know if you get the same behaivor using kerb auth directly on squid?

and another thing, is there any support for group authorization? like wbinfo_group?.

Best regards.

]]> By: Alessio Spadaro http://michele.pupazzo.org/diary/?p=491&cpage=1#comment-570 Alessio Spadaro Fri, 03 Jul 2009 16:21:05 +0000 http://michele.pupazzo.org/diary/?p=491#comment-570 DZoned ;) http://www.dzone.com/links/integrating_active_directory_and_squid3.html DZoned ;)
http://www.dzone.com/links/integrating_active_directory_and_squid3.html

]]>