
squid 2.7 with LDAP v3 Auth???

Posted: Mon Aug 18, 2008 10:17 am
by sevensins
AOA,
I am having problems in authenticating squid from an RHDS.

I have a running pxy squid 2.6 which is working perfectly. I have installed another machine and would like to run it as my main cache.

I compiled squid 2.7 with the following...

./configure --prefix=/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-ntlm-auth-helpers=SMB --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group --enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log --disable-dependency-tracking --enable-cachemgr-hostname=cache1 --disable-ident-lookups --enable-truncate --enable-underscores --enable-arp-acl --enable-carp


Got everything up and running without LDAP...

Now when I add this to squid.conf

auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -Z -b "dc=mt,dc=com,dc=pk" -f "uid=%s" -h nms.shifa.com.pk
auth_param basic children 10
auth_param basic realm Gateway
auth_param basic credentialsttl 1 hours
authenticate_ip_ttl 10 seconds
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -Z -b "ou=Groups,dc=mt,dc=com,dc=pk" -f "(&(cn=%g)(memberUid=%u))" -h ds.mt.com.pk



acl proxy external ldap_group proxy
acl group1 external ldap_group mis
acl group2 external ldap_group trainee
acl mt_networks src 192.168.0.0/16
http_access deny !mt_networks
acl localhost proxy_auth 127.0.0.1/32
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
http_access allow group1
http_access allow group2
http_access allow authenticated


The user is asked to authenticate again and again and again with ACCESS DENIED and the cache.log reports

Could not Activate TLS connection


Any pointers or suggestions would be highly appreciated.

Re:

Posted: Mon Aug 25, 2008 12:19 pm
by LinuxFreaK
Dear sevensins,
Salam,

Check LDAP Log.

Best Regards.
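
Added example, not part of the original posts: one way to narrow down "Could not Activate TLS connection" is to repeat the helpers' -Z (StartTLS) step outside Squid. The script below parses the LDAP helper lines from the posted squid.conf and builds an equivalent OpenLDAP ldapsearch -ZZ command for each; the function names are hypothetical, and it assumes the OpenLDAP client tools are installed on the proxy and that port 389 applies when no -p is given.

```python
import shlex

# Constructed sample: the LDAP helper lines from the squid.conf in the first post.
SAMPLE_CONF = r'''
auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -Z -b "dc=mt,dc=com,dc=pk" -f "uid=%s" -h nms.shifa.com.pk
auth_param basic children 10
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -Z -b "ou=Groups,dc=mt,dc=com,dc=pk" -f "(&(cn=%g)(memberUid=%u))" -h ds.mt.com.pk
'''

HELPERS = ("squid_ldap_auth", "squid_ldap_group")
TAKES_VALUE = {"-v", "-b", "-f", "-h", "-p"}  # only the options handled here


def parse_helpers(conf_text):
    """Return one dict per LDAP helper line: helper name, options, StartTLS flag."""
    found = []
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)
        idx = next((i for i, t in enumerate(tokens) if t.endswith(HELPERS)), None)
        if idx is None:
            continue  # not an LDAP helper line
        info = {"helper": tokens[idx].rsplit("/", 1)[-1], "starttls": False}
        args = iter(tokens[idx + 1:])
        for opt in args:
            if opt == "-Z":
                info["starttls"] = True
            elif opt in TAKES_VALUE:
                info[opt] = next(args, None)
        found.append(info)
    return found


def starttls_probe(info):
    """ldapsearch argv that repeats the helper's StartTLS step outside Squid.
    -ZZ fails hard when TLS cannot be negotiated; -d 1 traces the handshake."""
    uri = "ldap://%s:%s" % (info["-h"], info.get("-p", "389"))
    return ["ldapsearch", "-x", "-ZZ", "-d", "1", "-H", uri,
            "-b", info["-b"], "-s", "base", "(objectClass=*)"]


def distinct_hosts(helpers):
    """Every server named with -h has to pass the handshake on its own."""
    return sorted({h["-h"] for h in helpers if h.get("-h")})


if __name__ == "__main__":
    for h in parse_helpers(SAMPLE_CONF):
        if h["starttls"]:
            print("#", h["helper"])
            print(" ".join(shlex.quote(a) for a in starttls_probe(h)))
```

Run the printed commands as the user Squid runs under, so the same client TLS settings and CA files are in effect, and compare the trace with the directory server's own log.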