LINUX.ORG.RU
ФорумAdmin

kerberos и squid

 , , ,


1

2

Добрый день! проблема с авторизацией у сквида, при тестах все проходит успешно но при указании прокси в браузере вылазит окошко с указанием логина и пароля при вводе который не проходит

support_member.cc(125): pid=14817 :2018/10/09 14:05:06| kerberos_ldap_group: INFO: User a.kosarev is member of group@domain SQUIDADMINS@NULL OK kerberos_ldap_group.cc(408): pid=14817 :2018/10/09 14:05:06| kerberos_ldap_group: DEBUG: OK

Using default cache: /tmp/krb5cc_0 Using principal: HTTP/squid.domain.local@domain.LOCAL Authenticated to Kerberos v5

сама ошибка:TCP_DENIED/407 7255 CONNECT http://www.youtube.com:443 - HIER_NONE/- text/html kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. ; }} 2018/10/09 13:45:50.457 kid1| 28,5| InnerNode.cc(94) resumeMatchingAt: checking http_access at 5 2018/10/09 13:45:50.457 kid1| 28,5| Checklist.cc(400) bannedAction: Action 'ALLOWED/0is not banned 2018/10/09 13:45:50.457 kid1| 28,5| InnerNode.cc(94) resumeMatchingAt: checking http_access#6 at 0 2018/10/09 13:45:50.457 kid1| 28,5| Acl.cc(138) matches: checking SQUIDADMINS 2018/10/09 13:45:50.457 kid1| 28,4| Acl.cc(76) AuthenticateAcl: returning 3 sending authentication challenge. 2018/10/09 13:45:50.457 kid1| 28,3| Checklist.cc(63) markFinished: 0x560782af6f98 answer AUTH_REQUIRED for aclMatchExternal exception 2018/10/09 13:45:50.457 kid1| 28,3| Acl.cc(158) matches: checked: SQUIDADMINS = -1 2018/10/09 13:45:50.457 kid1| 28,3| InnerNode.cc(97) resumeMatchingAt: checked: http_access#6 = -1 2018/10/09 13:45:50.458 kid1| 28,3| InnerNode.cc(97) resumeMatchingAt: checked: http_access = -1 2018/10/09 13:45:50.458 kid1| 28,3| Checklist.cc(163) checkCallback: ACLChecklist::checkCallback: 0x560782af6f98 answer=AUTH_REQUIRED 2018/10/09 13:45:50.458 kid1| 28,8| Gadgets.cc(51) aclGetDenyInfoPage: got called for SQUIDADMINS 2018/10/09 13:45:50.458 kid1| 28,8| Gadgets.cc(70) aclGetDenyInfoPage: aclGetDenyInfoPage: no match 2018/10/09 13:45:50.458 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffe3fcb9160 2018/10/09 13:45:50.458 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffe3fcb9160 2018/10/09 13:45:50.458 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffe3fcb9160 2018/10/09 13:45:50.458 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffe3fcb9160 2018/10/09 13:45:50.458 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x560782af6f98 2018/10/09 13:45:50.458 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x560782af6f98 2018/10/09 13:45:50.458 kid1| 28,3| Checklist.cc(70) preCheck: 0x7ffe3fcb90d0 checking fast ACLs 2018/10/09 13:45:50.458 kid1| 28,5| Acl.cc(138) matches: checking access_log daemon:/var/log/squid/access.log 2018/10/09 13:45:50.458 kid1| 28,5| Acl.cc(138) matches: checking (access_log daemon:/var/log/squid/access.log line) 2018/10/09 13:45:50.458 kid1| 28,3| Acl.cc(158) matches: checked: (access_log daemon:/var/log/squid/access.log line) = 1 2018/10/09 13:45:50.458 kid1| 28,3| Acl.cc(158) matches: checked: access_log daemon:/var/log/squid/access.log = 1 2018/10/09 13:45:50.458 kid1| 28,3| Checklist.cc(63) markFinished: 0x7ffe3fcb90d0 answer ALLOWED for match


Ответ на: комментарий от elum

Какие ещё методы авторизации в сквиде есть? Браузер может выбирать LDAP, например, если порядок не правильный указан. Время на клиентах и сервере одинаковое?

DALDON ★★★★★ ()