The OpenNET Project / Index page

[ новости/++ | форум | wiki | теги | ]



"не работает ext_kerberos_ldap_group_acl"
Вариант для распечатки  
Пред. тема | След. тема 
Форум Настройка Squid и других прокси серверов (Squid)
Изначальное сообщение [ Отслеживать ]

"не работает ext_kerberos_ldap_group_acl"  +/
Сообщение от visitor (ok) on 23-Май-18, 10:58 
Всем привет
помогите разобраться плиз с сабжем


ext_kerberos_ldap_group_acl -i -a -g internet -D MYDOMAIN.BY
aduser
kerberos_ldap_group.cc(378): pid=413 :2018/05/23 10:44:56| kerberos_ldap_group: INFO: Got User: aduser set default domain: MYDOMAIN.BY
kerberos_ldap_group.cc(383): pid=413 :2018/05/23 10:44:56| kerberos_ldap_group: INFO: Got User: aduser Domain: MYDOMAIN.BY
support_ldap.cc(1061): pid=413 :2018/05/23 10:44:56| kerberos_ldap_group: ERROR: Error determining ldap server type: Operations error
support_member.cc(134): pid=413 :2018/05/23 10:44:56| kerberos_ldap_group: INFO: User aduser is not member of group@domain internet@NULL
ERR

запуск в дебаге

/usr/sbin/ext_kerberos_ldap_group_acl -d -a -g internet -D MYDOMAIN.BY
kerberos_ldap_group.cc(283): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: INFO: Starting version 1.3.1sq
support_group.cc(382): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: INFO: Group list internet
support_group.cc(447): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: INFO: Group internet  Domain NULL
support_netbios.cc(83): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: DEBUG: Netbios list NULL
support_netbios.cc(87): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: DEBUG: No netbios names defined.
support_lserver.cc(82): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: DEBUG: ldap server list NULL
support_lserver.cc(86): pid=399 :2018/05/23 10:43:28| kerberos_ldap_group: DEBUG: No ldap servers defined.
aduser
kerberos_ldap_group.cc(376): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: INFO: Got User: aduser set default domain: MYDOMAIN.BY
kerberos_ldap_group.cc(381): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: INFO: Got User: aduser Domain: MYDOMAIN.BY
support_member.cc(63): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: User domain loop: group@domain internet@NULL
support_member.cc(91): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Default domain loop: group@domain internet@NULL
support_member.cc(119): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Default group loop: group@domain internet@NULL
support_member.cc(121): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Found group@domain internet@NULL
support_ldap.cc(898): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Setup Kerberos credential cache
support_krb5.cc(127): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Set credential cache to MEMORY:squid_ldap_399
support_krb5.cc(138): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Get default keytab file name
support_krb5.cc(144): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Got default keytab file name /etc/krb5.keytab
support_krb5.cc(158): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Get principal name from keytab /etc/krb5.keytab
support_krb5.cc(169): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Keytab entry has realm name: MYDOMAIN.BY
support_krb5.cc(189): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Found principal  name: HTTP/squid-1.mydomain.com@MYDOMAIN.BY
support_krb5.cc(205): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Got principal name HTTP/squid-1.mydomain.com@MYDOMAIN.BY
support_krb5.cc(269): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Stored credentials
support_ldap.cc(927): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Initialise ldap connection
support_ldap.cc(933): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Canonicalise ldap server name for domain MYDOMAIN.BY
support_resolv.cc(379): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.MYDOMAIN.BY record to adc1.mydomain.com
support_resolv.cc(379): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.MYDOMAIN.BY record to adc4.mydomain.com
support_resolv.cc(379): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.MYDOMAIN.BY record to adc3.mydomain.com
support_resolv.cc(379): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.MYDOMAIN.BY record to adc2.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 1 of MYDOMAIN.BY to adc1.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 2 of MYDOMAIN.BY to adc1.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 3 of MYDOMAIN.BY to adc1.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 4 of MYDOMAIN.BY to adc4.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 5 of MYDOMAIN.BY to adc4.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 6 of MYDOMAIN.BY to adc4.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 7 of MYDOMAIN.BY to adc2.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 8 of MYDOMAIN.BY to adc2.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 9 of MYDOMAIN.BY to adc2.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 10 of MYDOMAIN.BY to adc3.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 11 of MYDOMAIN.BY to adc3.mydomain.com
support_resolv.cc(207): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Resolved address 12 of MYDOMAIN.BY to adc3.mydomain.com
support_resolv.cc(407): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Adding MYDOMAIN.BY to list
support_resolv.cc(443): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Sorted ldap server names for domain MYDOMAIN.BY:
support_resolv.cc(445): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Host: adc4.mydomain.com Port: 389 Priority: 0 Weight: 100
support_resolv.cc(445): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Host: adc3.mydomain.com Port: 389 Priority: 0 Weight: 100
support_resolv.cc(445): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Host: adc2.mydomain.com Port: 389 Priority: 0 Weight: 100
support_resolv.cc(445): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Host: adc1.mydomain.com Port: 389 Priority: 0 Weight: 100
support_resolv.cc(445): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Host: MYDOMAIN.BY Port: -1 Priority: -2 Weight: -2
support_ldap.cc(942): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Setting up connection to ldap server adc4.mydomain.com:389
support_ldap.cc(953): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI
support_ldap.cc(967): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Successfully initialised connection to ldap server adc4.mydomain.com:389
support_ldap.cc(333): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Search ldap server with bind path "" and filter: (objectclass=*)
support_ldap.cc(602): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Search ldap entries for attribute : schemaNamingContext
support_ldap.cc(645): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: 1 ldap entry found with attribute : schemaNamingContext
support_ldap.cc(342): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Search ldap server with bind path CN=Schema,CN=Configuration,DC=mtb,DC=minsk,DC=by and filter: (ldapdisplayname=samaccountname)
support_ldap.cc(345): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Found 0 ldap entries
support_ldap.cc(350): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Determined ldap server not as an Active Directory server
support_ldap.cc(1061): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: ERROR: Error determining ldap server type: Operations error
support_member.cc(132): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: INFO: User aduser is not member of group@domain internet@NULL
ERR
kerberos_ldap_group.cc(416): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: ERR
^C

Ответить | Правка | Cообщить модератору

Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "не работает ext_kerberos_ldap_group_acl"  +/
Сообщение от iiws (??) on 23-Май-18, 14:06 
Юsupport_ldap.cc(342): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG: Search ldap server with bind path CN=Schema,CN=Configuration,DC=mtb,DC=minsk,DC=by and filter: (ldapdisplayname=samaccountname)
DC=mtb,DC=minsk,DC=by - это всё соответствует вашему домену в локали?
Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору

2. "не работает ext_kerberos_ldap_group_acl"  +/
Сообщение от visitor (ok) on 23-Май-18, 15:16 
> Юsupport_ldap.cc(342): pid=399 :2018/05/23 10:43:34| kerberos_ldap_group: DEBUG:
> Search ldap server with bind path CN=Schema,CN=Configuration,DC=mtb,DC=minsk,DC=by
> and filter: (ldapdisplayname=samaccountname)
>  DC=mtb,DC=minsk,DC=by - это всё соответствует вашему домену в локали?

да,
может нужно хелпер с доп. опциями запустить, хз ? нет опыта :(

Ответить | Правка | ^ к родителю #1 | Наверх | Cообщить модератору

Архив | Удалить

Рекомендовать для помещения в FAQ | Индекс форумов | Темы | Пред. тема | След. тема


  Закладки на сайте
  Проследить за страницей
Created 1996-2018 by Maxim Chirkov  
ДобавитьПоддержатьВебмастеруГИД  
Hosting by Ihor