Алексей Максимов писал(а):Покажите вывод, который получается после ввода указанной вами команды:
Код: Выделить всё
sudo /usr/lib/squid3/ext_kerberos_ldap_group_acl -d -a -i -g TEST-Internet-Standart@TEST.LOCAL -D TEST.LOCAL
Ещё меня смущает то, что показанный вами набор параметров начинается с значения "squid_kerb_ldap". Вы точно показали ключи хелпера ext_kerberos_ldap_group_acl ?
Выводи предоставил точно ext_kerberos_ldap_group_acl !
Вот вывод команды который Вы запросили.
sudo /usr/lib/squid3/ext_kerberos_ldap_group_acl -d -a -i -g
TEST-Internet-Standart@TEST.LOCAL -D TEST.LOCAL
[sudo] password for user:
kerberos_ldap_group.cc(275): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: INFO: Starting version 1.3.1sq
support_group.cc(374): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: INFO: Group list
TEST-Internet-Standart@TEST.LOCAL
support_group.cc(439): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: INFO: Group TEST-Internet-Standart Domain TEST.LOCAL
support_netbios.cc(75): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: DEBUG: Netbios list NULL
support_netbios.cc(79): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: DEBUG: No netbios names defined.
support_lserver.cc(74): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: DEBUG: ldap server list NULL
support_lserver.cc(78): pid=1763 :2016/01/18 15:17:39| kerberos_ldap_group: DEBUG: No ldap servers defined.
student TEST-Internet-Standart
kerberos_ldap_group.cc(367): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: INFO: Got User: student%09TEST-Internet-Standart set default domain: TEST.LOCAL
kerberos_ldap_group.cc(372): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: INFO: Got User: student%09TEST-Internet-Standart Domain: TEST.LOCAL
support_member.cc(55): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: User domain loop: group@domain
TEST-Internet-Standart@TEST.LOCAL
support_member.cc(57): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Found group@domain
TEST-Internet-Standart@TEST.LOCAL
support_ldap.cc(801): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Setup Kerberos credential cache
support_krb5.cc(90): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Get default keytab file name
support_krb5.cc(96): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Got default keytab file name /etc/squid3/PROXY.keytab
support_krb5.cc(110): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Get principal name from keytab /etc/squid3/PROXY.keytab
support_krb5.cc(121): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Keytab entry has realm name: TEST.LOCAL
support_krb5.cc(133): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Found principal name: HTTP/
srv-prx-01.TEST.local@TEST.LOCAL
support_krb5.cc(174): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Set credential cache to MEMORY:squid_ldap_1763
support_krb5.cc(269): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Got principal name HTTP/
srv-prx-01.TEST.local@TEST.LOCAL
support_krb5.cc(312): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Stored credentials
support_ldap.cc(830): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Initialise ldap connection
support_ldap.cc(836): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Canonicalise ldap server name for domain TEST.LOCAL
support_resolv.cc(373): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.TEST.LOCAL record to dc02.TEST.local
support_resolv.cc(373): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.TEST.LOCAL record to dc04.TEST.local
support_resolv.cc(373): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.TEST.LOCAL record to dc03.TEST.local
support_resolv.cc(373): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.TEST.LOCAL record to dc01.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 1 of TEST.LOCAL to dc03.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 2 of TEST.LOCAL to dc03.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 3 of TEST.LOCAL to dc03.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 4 of TEST.LOCAL to dc01.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 5 of TEST.LOCAL to dc01.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 6 of TEST.LOCAL to dc01.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 7 of TEST.LOCAL to dc02.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 8 of TEST.LOCAL to dc02.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 9 of TEST.LOCAL to dc02.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 10 of TEST.LOCAL to dc04.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 11 of TEST.LOCAL to dc04.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 12 of TEST.LOCAL to dc04.TEST.local
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 13 of TEST.LOCAL to 192.168.48.2
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 14 of TEST.LOCAL to 192.168.48.2
support_resolv.cc(201): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Resolved address 15 of TEST.LOCAL to 192.168.48.2
support_resolv.cc(401): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Adding TEST.LOCAL to list
support_resolv.cc(437): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Sorted ldap server names for domain TEST.LOCAL:
support_resolv.cc(439): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Host: dc04.TEST.local Port: 389 Priority: 0 Weight: 100
support_resolv.cc(439): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Host: dc03.TEST.local Port: 389 Priority: 0 Weight: 100
support_resolv.cc(439): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Host: dc01.TEST.local Port: 389 Priority: 0 Weight: 100
support_resolv.cc(439): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Host: dc02.TEST.local Port: 389 Priority: 0 Weight: 100
support_resolv.cc(439): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Host: 192.168.48.2 Port: -1 Priority: -1 Weight: -1
support_resolv.cc(439): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Host: TEST.LOCAL Port: -1 Priority: -2 Weight: -2
support_ldap.cc(845): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Setting up connection to ldap server dc04.TEST.local:389
support_ldap.cc(856): pid=1763 :2016/01/18 15:17:54| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI
support_sasl.cc(268): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(860): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact LDAP server
support_ldap.cc(845): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Setting up connection to ldap server dc03.TEST.local:389
support_ldap.cc(856): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI
support_ldap.cc(870): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Successfully initialised connection to ldap server dc03.TEST.local:389
support_ldap.cc(299): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Search ldap server with bind path "" and filter: (objectclass=*)
support_ldap.cc(569): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Search ldap entries for attribute : schemaNamingContext
support_ldap.cc(615): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: 1 ldap entry found with attribute : schemaNamingContext
support_ldap.cc(308): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Search ldap server with bind path CN=Schema,CN=Configuration,DC=TEST,DC=local and filter: (ldapdisplayname=samaccountname)
support_ldap.cc(311): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Found 1 ldap entry
support_ldap.cc(316): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Determined ldap server as an Active Directory server
support_ldap.cc(978): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Search ldap server with bind path dc=TEST,dc=LOCAL and filter : (samaccountname=student TEST-Internet-Standart)
support_ldap.cc(991): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Found 0 ldap entries
support_member.cc(68): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: INFO: User student TEST-Internet-Standart is not member of group@domain
TEST-Internet-Standart@TEST.LOCAL
support_member.cc(83): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Default domain loop: group@domain
TEST-Internet-Standart@TEST.LOCAL
support_member.cc(111): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: Default group loop: group@domain
TEST-Internet-Standart@TEST.LOCAL
ERR
kerberos_ldap_group.cc(407): pid=1763 :2016/01/18 15:17:55| kerberos_ldap_group: DEBUG: ERR