Netgate Discussion Forum

    Pfsense 2.2.6 + squid+kerberos

      rgibox

      Hi,
      I'm trying to implement squid with AD SSO.
      I installed pfSense 2.2.6 + squid and the krb5 package,
      and created a krb5.conf and a keytab file.

      
      [libdefaults]
               default_realm = RG.LOCAL
               dns_lookup_kdc = no
               dns_lookup_realm = no
               ticket_lifetime = 24h
               default_keytab_name = /etc/proxy.keytab
               default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
               default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
               permitted_enctypes = AES256-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
      [realms]
               RG.LOCAL = {
                       kdc = 192.168.204.5
                       kdc = 192.168.204.6
                       admin_server = 192.168.204.5
                       default_domain = rg.local
               }
      [domain_realm]
               .rg.local = RG.LOCAL
               rg.local = RG.LOCAL
      

      I'm able to get a ticket with kinit.
      But when I try to run a test with:
      /usr/pbi/squid-amd64/local/libexec/squid/negotiate_kerberos_auth_test -r -s HTTP/proxy.rg.local@RG.LOCAL

      I get this:

      2016/01/20 09:49:14 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
      2016/01/20 09:49:14| pinger: Initialising ICMP pinger ...
      dlopen: Cannot open "/usr/lib/libgssapi_spnego.so.10"
      

      Where can I find this file?
      Are there working instructions for 2.2.6 + Kerberos?

      PS: Sorry for my English.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.