squid 2.7 with LDAP v3 Auth???

Post by sevensins » Mon Aug 18, 2008 10:17 am

AOA,
I am having problems in authenticating squid from an RHDS.

I have a running proxy squid 2.6 which is working perfectly. I have installed another machine and would like to run it as my main cache.

I compiled squid 2.7 with the following...

./configure --prefix=/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-ntlm-auth-helpers=SMB --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group --enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log --disable-dependency-tracking --enable-cachemgr-hostname=cache1 --disable-ident-lookups --enable-truncate --enable-underscores --enable-arp-acl --enable-carp


Got everything up and running without LDAP...

Now when I add this to squid.conf:

auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -Z -b "dc=mt,dc=com,dc=pk" -f "uid=%s" -h nms.shifa.com.pk
auth_param basic children 10
auth_param basic realm Gateway
auth_param basic credentialsttl 1 hours
authenticate_ip_ttl 10 seconds
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -Z -b "ou=Groups,dc=mt,dc=com,dc=pk" -f "(&(cn=%g)(memberUid=%u))" -h ds.mt.com.pk



acl proxy external ldap_group proxy
acl group1 external ldap_group mis
acl group2 external ldap_group trainee
acl mt_networks src 192.168.0.0/16
http_access deny !mt_networks
acl localhost proxy_auth 127.0.0.1/32
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
http_access allow group1
http_access allow group2
http_access allow authenticated


The user is asked to authenticate again and again and again with ACCESS DENIED, and the cache.log reports:

Could not Activate TLS connection


Any pointers or suggestions would be highly appreciated.
Regards,

-----------------------------------------------------------------
A wise monkey never monkies w/ another monkey's monkey!

Re:

Post by LinuxFreaK » Mon Aug 25, 2008 12:19 pm

Dear sevensins,
Salam,

Check LDAP Log.

Best Regards.
Farrukh Ahmed
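A small checker for the settings this thread's error touches, added here as an example (it is not code from either poster or from the Squid project): it parses the helper lines quoted in the first post and lists what to verify when cache.log shows a StartTLS failure. The function names and the wording of the notes are assumptions of the example; the sample text is the set of directives copied from the post.

```python
import re
import shlex

# Sample input: directives copied from the first post (assembled here for the example).
SAMPLE_CONF = '''\
auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -Z -b "dc=mt,dc=com,dc=pk" -f "uid=%s" -h nms.shifa.com.pk
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -Z -b "ou=Groups,dc=mt,dc=com,dc=pk" -f "(&(cn=%g)(memberUid=%u))" -h ds.mt.com.pk
acl localhost proxy_auth 127.0.0.1/32
acl authenticated proxy_auth REQUIRED
'''

def ldap_helpers(conf):
    """Return one dict per squid_ldap_* helper command line in squid.conf text."""
    found = []
    for line in conf.splitlines():
        words = shlex.split(line, comments=True)
        idx = next((i for i, w in enumerate(words) if "squid_ldap_" in w), None)
        if idx is None:
            continue
        args = words[idx + 1:]
        opts = {"helper": words[idx].rsplit("/", 1)[-1], "starttls": "-Z" in args}
        for flag, key in (("-h", "host"), ("-b", "base"), ("-v", "version")):
            if flag in args and args.index(flag) + 1 < len(args):
                opts[key] = args[args.index(flag) + 1]
        found.append(opts)
    return found

def review(conf):
    """List points to verify when a helper logs a StartTLS failure."""
    notes = []
    helpers = ldap_helpers(conf)
    for h in helpers:
        if h["starttls"] and h.get("version") != "3":
            notes.append(f"{h['helper']}: -Z requires LDAP version 3 (-v 3)")
        if h["starttls"]:
            notes.append(f"{h['helper']}: uses StartTLS to {h.get('host')}; check that the "
                         "server offers StartTLS and that this host trusts its certificate")
    hosts = sorted({h["host"] for h in helpers if "host" in h})
    if len(hosts) > 1:
        notes.append("helpers query different servers: " + ", ".join(hosts))
    # proxy_auth ACLs take user names (or REQUIRED); an address belongs in a src ACL.
    for m in re.finditer(r"^acl\s+(\S+)\s+proxy_auth\s+(\d+\.\d+\.\d+\.\d+\S*)", conf, re.M):
        notes.append(f"acl {m.group(1)}: proxy_auth matches user names, not {m.group(2)}")
    return notes

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_CONF)))
```

Each note is something to confirm on the proxy and the directory server, alongside the LDAP log the reply points to; none of them is a diagnosis.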
