[squid-users] Auth with NTLM and LDAP on Active Directory

From: <jphml@dont-contact.us>
Date: Wed, 16 Feb 2005 19:39:59 -0500

Hi,

I would like to authenticate Active Directory users via LDAP and group membership. My setup seems to work fine except for one little thing.

First here is my config:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 1 minutes

external_acl_type LDAPGROUP %LOGIN /usr/libexec/squid_ldap_group -b "ou=MYCIE,dc=mycie,dc=com" -D "cn=USERNAME,ou=ITS,ou=MYCIE,dc=mycie,dc=com" -w MYPASS -f "(&(samAccountName=%v)(memberOf=cn=%a,ou=ITS,ou=MYCIE,dc=mycie,dc=com))" -p 389 -S -P -d -h 10.64.1.10

acl AXS external LDAPGROUP Internet_access
http_access allow AXS all
http_access deny all

It works fine, if the user is in the AD group Internet_access, he can browse the internet, if he's not in the group, he can't.

The problem:
The problem is if I modify a user access (remove or add in Internet_access) I need to use "squid -k reconfigure" to apply the changes.

Is there something I can change that wouldn't required a squid reconfigure?

I also seen some post about squid_ldap_auth, does it only support basic auth? Would it solve my problem?

Thanks for the help,
Jean-Philippe
Received on Wed Feb 16 2005 - 17:40:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST