Re: [squid-users] Squid with windows 2000 ADS authentication

From: Henrik Nordstrom <[email protected]>
Date: Mon, 13 Oct 2003 19:43:46 +0200 (CEST)

Please consider upgrading to Squid-2.5 and the official Squid LDAP helpers
contained in the same release; this makes it a lot easier to help you.

The errors suggest you are running a Squid version not having the
ldap_auth patch, or maybe not having a required configure directive for
enabling the ldap_auth functionality. But I am not very familiar with this
(now obsolete) method of integrating Squid with LDAP.

Regards
Henrik

On Mon, 13 Oct 2003 azad_a@chennai.tcs.co.in wrote:

>
> Hi All
>
> I'm using Squid Squid Cache: Version 2.4.STABLE7-ldap_auth-1.4 with the
> squid_ldap_auth module compiled. I want to authenticate all my users
> with the Windows 2000 domain ADS. Compilation with squid_ldap_auth and
> group_ldap_auth went fine. When I give the format in the squid.conf file I
> get an error.
> When I use the group_ldap_auth module I get the error below (Problem 1), and
> when I replaced it with squid_ldap_auth, and also ldap_auth_program with
> authenticate_program, I didn't get the first error, but it says Invalid acl
> ldap_auth. I'm not sure which auth module is to be used. Is the syntax
> correct or wrong?
> When I searched through the net, there were a lot of different ideas and
> different samples, and I couldn't specifically pinpoint which is best.
> If someone could throw some light and give sample configs I would be
> grateful. Also the implementation/procedure to do this.
> Where am I missing?
>
>
> Problem 1:
>
> ldap_auth_program /usr/local/squid/libexec/squid/group_ldap_auth -b
> "dc=tcsamb,dc=com" -h 172.20.143.50 -l /usr/local/squid/logs/ldaplog
> acl ldap_IDM ldap_auth static 'internetgroup'
> http_access allow ldap_IDM
>
>
> 2003/10/13 20:56:43| parseConfigFile: line 1525 unrecognized:
> 'ldap_auth_program /usr/local/squid/libexec/squid/group_ldap_auth -b
> "dc=tcsamb,dc=com" -h 172.20.143.50 -l /usr/local/squid/logs/ldaplog'
> 2003/10/13 20:56:43| squid.conf line 1544: acl ldap_IDM ldap_auth static
> 'internetgroup'
> 2003/10/13 20:56:43| aclParseAclLine: Invalid ACL type 'ldap_auth'
> 2003/10/13 20:56:43| squid.conf line 1545: http_access allow ldap_IDM
> 2003/10/13 20:56:43| aclParseAccessLine: ACL name 'ldap_IDM' not found.
> 2003/10/13 20:56:43| squid.conf line 1545: http_access allow ldap_IDM
> 2003/10/13 20:56:43| aclParseAccessLine: Access line contains no ACL's,
> skipping
>
> Problem 2:
>
> authenticate_program /usr/local/squid/libexec/squid/squid_ldap_auth -b
> ou=IDM-AMB,dc=tcsamb,dc=com -l /usr/local/squid/logs/ldaplog -d
> cn=Users,ou=IDM-AMB,dc=tcsamb,dc=com
> acl ldap_IDM ldap_auth static 'internetgroup'
> http_access allow ldap_IDM
>
> 2003/10/13 20:58:51| squid.conf line 1544: acl ldap_IDM ldap_auth static
> 'internetgroup'
> 2003/10/13 20:58:51| aclParseAclLine: Invalid ACL type 'ldap_auth'
> 2003/10/13 20:58:51| squid.conf line 1545: http_access allow ldap_IDM
> 2003/10/13 20:58:51| aclParseAccessLine: ACL name 'ldap_IDM' not found.
> 2003/10/13 20:58:51| squid.conf line 1545: http_access allow ldap_IDM
> 2003/10/13 20:58:51| aclParseAccessLine: Access line contains no ACL's,
> skipping
>
> My squid.conf file Under test:
>
> http_port 80
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> authenticate_program /usr/local/squid/libexec/squid/squid_ldap_auth -b
> ou=IDM-AMB,dc=tcsamb,dc=com -l /usr/local/squid/logs/ldaplog -d
> cn=Users,ou=IDM-AMB,dc=tcsamb,dc=com
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> acl azad src 172.20.128.0/255.255.240.0
> acl ldap_IDM ldap_auth static 'internetgroup'
> http_access allow ldap_IDM
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow azad
> http_access deny all
> icp_access allow all
> cache_effective_user squid
> cache_effective_group squid
>
> Did patching as below
> cd ~/src/squid-2.4.STABLE6/
> % patch -p2 < ~/group-ldap-auth.diff-2.4.STABLE6-1.3
Received on Mon Oct 13 2003 - 11:44:08 MDT
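
Added example (not part of the original thread and not the Squid project's own configuration): a sketch of how the group-restricted setup asked about above is expressed with the Squid-2.5 helpers recommended in the reply, where authentication moves to auth_param and the group check to an external ACL. The helper paths, the bind account "squidbind", the PLACEHOLDER password and the location of "internetgroup" under cn=Users are assumptions; the base DN and server address are taken from the quoted configuration.

```conf
# Squid-2.5 squid.conf fragment (added example; bind DN, group DN, helper
# paths and the PLACEHOLDER password are assumptions, not from the thread).

# 1. Authentication. Replaces the 2.4 "authenticate_program" line.
#    squid_ldap_auth searches for the account with -f, then binds as the
#    user it found to verify the password.
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "dc=tcsamb,dc=com" -D "cn=squidbind,cn=Users,dc=tcsamb,dc=com" -w PLACEHOLDER -f "sAMAccountName=%s" -h 172.20.143.50
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# 2. Group membership. Replaces the patched "ldap_auth" ACL type, which
#    stock Squid rejects with "Invalid ACL type 'ldap_auth'".
#    %LOGIN hands the authenticated user name to the helper; in the filter
#    %v is the user and %a the group named on the acl line (some helper
#    versions spell these %u and %g, so check the installed man page).
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b "dc=tcsamb,dc=com" -D "cn=squidbind,cn=Users,dc=tcsamb,dc=com" -w PLACEHOLDER -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=tcsamb,dc=com))" -h 172.20.143.50

# 3. Access rules. Only authenticated members of internetgroup get through;
#    everything else falls to the final deny.
acl all src 0.0.0.0/0.0.0.0
acl ldap_IDM external ldap_group internetgroup
http_access allow ldap_IDM
http_access deny all
```

The bind password sits in squid.conf in clear text, so the file should be readable only by root and the cache_effective_user. The bind account needs no rights beyond searching the directory.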
