Pfsense 2.2.6 + squid+kerberos



  • Hi,
    I'm trying to implement squid with AD SSO.
    I Installed pfsense 2.2.6+squid and krb5 package.
    And created krb5.conf and keytab file.

    
    [libdefaults]
             default_realm = RG.LOCAL
             dns_lookup_kdc = no
             dns_lookup_realm = no
             ticket_lifetime = 24h
             default_keytab_name = /etc/proxy.keytab
             default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
             default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
             permitted_enctypes = AES256-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
     [realms]
             RG.LOCAL = {
                     kdc = 192.168.204.5
                     kdc = 192.168.204.6
    				 admin_server = 192.168.204.5
                     default_domain = rg.local
             }
      [domain_realm]
             .rg.local = RG.LOCAL
             rg.local = RG.LOCAL
    

    I'm able to get ticket with kinit.
    But when i'm trying to do test with:
    /usr/pbi/squid-amd64/local/libexec/squid/negotiate_kerberos_auth_test -r -s HTTP/proxy.rg.local@RG.LOCAL

    I get this

    2016/01/20 09:49:14 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
    2016/01/20 09:49:14| pinger: Initialising ICMP pinger ...
    dlopen: Cannot open "/usr/lib/libgssapi_spnego.so.10"
    

    Where can i find this file?
    Is there a working instruction for 2.2.6+kerberos?

    PS: sorry for my english.


Log in to reply