squid 2.7 with LDAP v3 Auth???

Postby sevensins » Mon Aug 18, 2008 10:17 am

I am having problems in authenticating squid from an RHDS.

I have a running pxy squid 2.6 which is working perfectly. I have installed another machine and would like to run it as my main cache.

I compiled squid 2.7 with the following...

./configure --prefix=/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-ntlm-auth-helpers=SMB --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group --enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log --disable-dependency-tracking --enable-cachemgr-hostname=cache1 --disable-ident-lookups --enable-truncate --enable-underscores --enable-arp-acl --enable-carp

Got everything up and running without LDAP...

Now when I add this to squid.conf

auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -Z -b "dc=mt,dc=com,dc=pk" -f "uid=%s" -h nms.shifa.com.pk
auth_param basic children 10
auth_param basic realm Gateway
auth_param basic credentialsttl 1 hours
authenticate_ip_ttl 10 seconds
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -Z -b "ou=Groups,dc=mt,dc=com,dc=pk" -f "(&(cn=%g)(memberUid=%u))" -h ds.mt.com.pk

acl proxy external ldap_group proxy
acl group1 external ldap_group mis
acl group2 external ldap_group trainee
acl mt_networks src
http_access deny !mt_networks
acl localhost proxy_auth
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
http_access allow group1
http_access allow group2
http_access allow authenticated

The user is asked to authenticate again and again and again with ACCESS DENIED and the cache.log reports

Could not Activate TLS connection

Any pointers or suggestions would be highly appreciated.

A wise monkey never monkies w/ another monkey's monkey!


Postby LinuxFreaK » Mon Aug 25, 2008 12:19 pm

Dear sevensins,

Check LDAP Log.

Best Regards.
Farrukh Ahmed
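
An added example (not part of either post and not Squid's own code): a small Python check over the two LDAP helper lines from the squid.conf in the first post, listing what to verify when `-Z` (StartTLS) is in use. The function names are hypothetical, and the findings state general LDAP StartTLS requirements, not a diagnosis of this site's directory server.

```python
import shlex

# Helper lines copied from the squid.conf in the first post.
SQUID_CONF = '''\
auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -Z -b "dc=mt,dc=com,dc=pk" -f "uid=%s" -h nms.shifa.com.pk
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -Z -b "ou=Groups,dc=mt,dc=com,dc=pk" -f "(&(cn=%g)(memberUid=%u))" -h ds.mt.com.pk
'''

VALUE_FLAGS = {"-v", "-b", "-f", "-h"}  # helper options used above that take a value

def parse_helpers(conf):
    """Return one dict per squid_ldap_* helper command line found in conf."""
    helpers = []
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)
        start = next((i for i, t in enumerate(tokens) if "squid_ldap_" in t), None)
        if start is None:
            continue
        info = {"helper": tokens[start].rsplit("/", 1)[-1], "starttls": False}
        args = iter(tokens[start + 1:])
        for arg in args:
            if arg == "-Z":
                info["starttls"] = True
            elif arg in VALUE_FLAGS:
                info[arg] = next(args, "")
        helpers.append(info)
    return helpers

def review(helpers):
    """Return the points to verify for helpers that request StartTLS (-Z)."""
    findings = []
    for h in helpers:
        if not h["starttls"]:
            continue
        if h.get("-v") != "3":
            # StartTLS is an LDAPv3 extended operation.
            findings.append(f'{h["helper"]}: -Z needs LDAPv3, add -v 3')
        findings.append(f'{h["helper"]}: StartTLS to {h.get("-h", "")}: check the server '
                        'offers StartTLS and this host trusts its certificate')
    hosts = sorted({h.get("-h", "") for h in helpers})
    if len(hosts) > 1:
        findings.append("helpers use different LDAP hosts: " + ", ".join(hosts))
    return findings

if __name__ == "__main__":
    for finding in review(parse_helpers(SQUID_CONF)):
        print(finding)
```

Each StartTLS finding corresponds to an entry that should also be visible in the directory server's own log when the helper connects.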
