Hi guys:
I want to set up Squid + LDAP to authenticate Mi w2k3
active directory
users. I've searched all over the internet for info
(including posted
messages on this list), but i haven't been able to
make it work.
When i use ldapsearch i works just fine. Same when I
use
squid_ldap_auth from command line. When using squid,
it shows the auth window an
every time i enter a user name and password, and click
ok, the Fedora
server communicates with the w2k3 server (i use
ethereal & iptraf to check
that).
The weird thing is when i put the wrong user or
passwd, the window
keeps asking for it, but whent i put the right user
and passwd it generates
a TCP_DENIED/407 and won't show anythig in the
browser.
My squid.conf file shows:
auth_param basic program
/usr/lib/squid/squid_ldap_auth -b
cn=users,dc=dom1,dc=info,dc=co -D
cn=user1o,cn=users,dc=dom1,dc=info,dc=co -h
10.10.1.25 -w pass1 -u cn
auth_param basic children 5
auth_param basic realm Squid LDAP
auth_param basic credentialsttl 2 hours
acl localusers proxy_auth REQUIERED
external_acl_type AD_Group %LOGIN
/usr/lib/squid/squid_ldap_auth -b
cn=users,dc=dom1,dc=info,dc=co -D
cn=user1,cn=users,dc=dom1,dc=info,dc=co
-h 10.10.1.25 -w pass1 -S -f
"(&(cn=%u)(memberOf=cn=internet,cn=users,dc=dom1,dc=info,dc=co))"
acl wwwusers external AD_Group
cn=internet,cn=users,dc=dom1,dc=info,dc=co
http_access deny !wwwusers
http_access allow localusers
http_reply_access allow all
icp_access allow all
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
Received on Thu Jul 15 2004 - 16:23:16 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT