AW: [squid-users] Squid 2.5Stable2 with LDAP and Active Directory

From: Arne Tiedemann <mr-at@dont-contact.us>
Date: Mon, 19 May 2003 23:37:34 +0200

Hello All,

thanks for your help!

I've changed me config, see below:

snip-----------------------

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u cn
-b OU=SM,OU=Users,OU=Struktur2,DC=at,DC=local -D
CN=LDAP-Search,CN=Users,DC=at,DC=local -wherbst99 -f
(&(uid=%s)(memberOf=%g)) -h dc1.at.local -Z

auth_param basic children 5
auth_param basic realm Schuelke + Mayr Proxy
auth_param basic credentialsttl 2 hours

external_acl_type AD_Group %LOGIN
/usr/local/squid/libexec/squid_ldap_group -B
OU=SM,OU=users,OU=Struktur2,DC=at,DC=local -b
OU=Application,OU=Groups,OU=Struktur,dc=at,dc=local -f
(&(uid=%v)(memberOf=%a)) -F (&(uid=%s)(memberOf=%g)) -h dc1.at.local -S
-D OU=LDAP-Search,OU=Users,DC=at,DC=local -wherbst99

acl AD_Group proxy_auth REQUIRED

acl AD-Group external AD_Group
cn=GLA-Internet,OU=Application,OU=Groups,OU=Struktur2,dc=at,dc=local

http_access allow AD_Group

snip-----------------------

So and I've an error in the access.log

TCP_DENIED/407 1

I think my authentication dosn't work, can anybody tell me how to find
an Documentation abaut squid_ldap_auth and squid_ldap_group?

thanks all for help

########################################################################
############################################

On Mon, May 19, 2003 at 05:09:10PM +0200, Arne Tiedemann wrote:
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u
> cn -b OU=benutzer,OU=systemhaus,DC=at,DC=local -D
> CN=LDAP-Search,CN=Users,DC=at,DC=local -w"123" -f
> "(&(uid=%s)(GL-InternetAdmin=enabled))" -h server1 -Z

I'm not sure about the syntax however recently I had a lot of trouble
with double-quotes. Try removing the '"' in the "-f" expression. Also I
suspect there should be a space between the "-w" and the "123".

Have you tried running this command from the command line?

> Now when I connect to the Proxy Server I authenticate with my username

> and password but the loginscreen comes back. The Proxy do not accept
> my username and password.

If you get an error 407 in the log files time and again then the
authentication failed.

> I hope Anybody can help me?

Me too.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Mon May 19 2003 - 15:39:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:45 MST