[squid-users] Squid with windows 2000 ADS authentication

From: <[email protected]>
Date: Mon, 13 Oct 2003 20:57:44 +0530

Hi All

I'm using Squid Cache: Version 2.4.STABLE7-ldap_auth-1.4 with the
squid_ldap_auth module compiled. I want to authenticate all my users
with a Windows 2000 domain ADS. Compilation with squid_ldap_auth and
group_ldap_auth went fine. When I give the format in the squid.conf file
I get an error.
When I use the group_ldap_auth module I get the below error, Problem 1, and
when I replaced it with squid_ldap_auth and also ldap_auth_program with
authenticate_program I didn't get the first error, but it says Invalid acl
ldap_auth. I'm not sure which auth module is to be used. Is the syntax
correct or wrong?
When I searched through the net, lots of different ideas and different
samples are there; I couldn't specifically pinpoint which is best.
If someone could throw some light and give sample configs I would be
grateful. Also the implementation/procedure to do this.
Where am I missing?

Problem 1:

ldap_auth_program /usr/local/squid/libexec/squid/group_ldap_auth -b "dc=tcsamb,dc=com" -h 172.20.143.50 -l /usr/local/squid/logs/ldaplog
acl ldap_IDM ldap_auth static 'internetgroup'
http_access allow ldap_IDM

2003/10/13 20:56:43| parseConfigFile: line 1525 unrecognized: 'ldap_auth_program /usr/local/squid/libexec/squid/group_ldap_auth -b "dc=tcsamb,dc=com" -h 172.20.143.50 -l /usr/local/squid/logs/ldaplog'
2003/10/13 20:56:43| squid.conf line 1544: acl ldap_IDM ldap_auth static 'internetgroup'
2003/10/13 20:56:43| aclParseAclLine: Invalid ACL type 'ldap_auth'
2003/10/13 20:56:43| squid.conf line 1545: http_access allow ldap_IDM
2003/10/13 20:56:43| aclParseAccessLine: ACL name 'ldap_IDM' not found.
2003/10/13 20:56:43| squid.conf line 1545: http_access allow ldap_IDM
2003/10/13 20:56:43| aclParseAccessLine: Access line contains no ACL's, skipping

Problem 2:

authenticate_program /usr/local/squid/libexec/squid/squid_ldap_auth -b ou=IDM-AMB,dc=tcsamb,dc=com -l /usr/local/squid/logs/ldaplog -d cn=Users,ou=IDM-AMB,dc=tcsamb,dc=com
acl ldap_IDM ldap_auth static 'internetgroup'
http_access allow ldap_IDM

2003/10/13 20:58:51| squid.conf line 1544: acl ldap_IDM ldap_auth static 'internetgroup'
2003/10/13 20:58:51| aclParseAclLine: Invalid ACL type 'ldap_auth'
2003/10/13 20:58:51| squid.conf line 1545: http_access allow ldap_IDM
2003/10/13 20:58:51| aclParseAccessLine: ACL name 'ldap_IDM' not found.
2003/10/13 20:58:51| squid.conf line 1545: http_access allow ldap_IDM
2003/10/13 20:58:51| aclParseAccessLine: Access line contains no ACL's, skipping

My squid.conf file under test:

http_port 80
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
authenticate_program /usr/local/squid/libexec/squid/squid_ldap_auth -b ou=IDM-AMB,dc=tcsamb,dc=com -l /usr/local/squid/logs/ldaplog -d cn=Users,ou=IDM-AMB,dc=tcsamb,dc=com
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl azad src 172.20.128.0/255.255.240.0
acl ldap_IDM ldap_auth static 'internetgroup'
http_access allow ldap_IDM
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow azad
http_access deny all
icp_access allow all
cache_effective_user squid
cache_effective_group squid

Did patching as below
cd ~/src/squid-2.4.STABLE6/
  % patch -p2 < ~/group-ldap-auth.diff-2.4.STABLE6-1.3

Received on Mon Oct 13 2003 - 09:41:15 MDT
