Re: [squid-users] Configuring authentication with ldap_auth and two domains?

From: D & E Radel <[email protected]>
Date: Thu, 14 Apr 2005 08:25:30 +1200

> > Hi Matthias (and anyone else reading this)
> >
> > I have tried the solution and cannot get it
> > working. I replaced this line:
> > auth_param basic program /usr/lib/squid/ldap_auth ......
> > with reference to my script:
> > "auth_param basic program /etc/squid/multi_domains.sh"
> >
> > The /etc/squid/multi_domains.sh was chmod 777'ed
> > and contains:
> >
> > #!/bin/sh
> >
> > # Reading stdin from Squid
> > INP=`cat`
> >
> > # Pass stdin to /usr/lib/squid/ldap_auth
> > DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth -R -b "dc=......" -D "cn=Administrator,cn=Users,dc=..........." -w "........." -f sAMAccountName=%s -h 192.168.1.1`
> >
> > # Just spit out the result for now
> > echo $DOMAIN1
> >
> > Note that this was just a test to make sure the
> > first part worked before querying two domains and
> > evaluating. The result was that I received the
> > authentication prompt in my browser. If I got the
> > password wrong it would ask up to 2 more times then
> > access denied, but if I got it correct the browser
> > would just hang then time-out.
> >
> > Something weird is going on, because if I add the
> > following command to the beginning, it gets
> > ignored when ldap_auth calls it:
> > echo "hello" >/etc/squid/tmp.txt
> >
> > Or is that just a permissions issue? If I run the
> > script from console, it writes the tmp.txt file.
> >
> > The fact that authentication fails on bad password
> > and hangs on ok password tells me that the LDAP
> > part is working. However, the passing of the
> > stdout back to Squid does not seem to be working.
> > The weird thing is that Squid knows when I get the
> > password wrong 3 times.
> >
> > Regards,
> > Dietrich (aka grolschie)
> >
> >
> Hello grolschie,
>
> I'm very sorry that it doesn't work at first go.
> I didn't understand where you added this line:
> echo "hello" >/etc/squid/tmp.txt
> but I advise you first to test the username password pair on the command
> line before you do that with squid and a browser.
> This is very easy.
> Type the following on the shell:
> echo "username password" | /usr/lib/squid/ldap_auth ...
> If you get an OK or an ERR this works at least.
> If it works then type in this:
> echo "username password" | /etc/squid/multi_domains.sh
> There you should get the same result as before.
>
> At the moment I don't have the possibility to test the script in a
> working environment, but at the weekend I will do so.
>
> Regards,
> Matthias

Hi Matthias,

I only added the "echo "hello" >/etc/squid/tmp.txt" line at the top to debug, to
make sure that the script was actually being run
ok. I expected it to write to the file whenever
the script was called. But perhaps Squid didn't
have permissions to write to that file? I
originally tried outputting the $DOMAIN1 variable
to file so I could see what was in it. So much for
my debugging. ;-)

Many thanks for your help so far Matthias. I will
have a go at the commandline debugging very soon.
I look forward to your reply at the weekend. :-)

regards,
grolschie.
Received on Wed Apr 13 2005 - 14:24:56 MDT
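
The helper interface this thread is working with, as an added example that is not part of the original messages: Squid keeps a basic-auth helper running and writes one "username password" line per request, expecting one OK or ERR line back for each, so this sketch answers line by line rather than reading all of stdin with `cat`, which returns only at end of input. The function names, the `DOMAIN2_DC` variable and its default host are hypothetical, and the `...` option values are placeholders as in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): a multi-domain basic-auth helper.
# Squid starts the helper once and keeps its stdin open, sending one
# "username password" line per request and reading one reply line each.

# One function per domain. The "..." values are placeholders, as in the
# thread; DOMAIN2_DC is a hypothetical second domain controller.
check_domain1() {
    /usr/lib/squid/ldap_auth -R -b "dc=..." \
        -D "cn=Administrator,cn=Users,dc=..." -w "..." \
        -f 'sAMAccountName=%s' -h 192.168.1.1
}
check_domain2() {
    /usr/lib/squid/ldap_auth -R -b "dc=..." \
        -D "cn=Administrator,cn=Users,dc=..." -w "..." \
        -f 'sAMAccountName=%s' -h "${DOMAIN2_DC:-dc2.example.invalid}"
}

# Try each backend with the same request line; first OK wins.
authenticate_line() {
    for backend in check_domain1 check_domain2; do
        # Each backend gets the line on its own pipe, so it can never
        # consume requests that Squid has queued on our stdin.
        reply=$(printf '%s\n' "$1" | "$backend" 2>/dev/null | head -n 1)
        case $reply in
            OK*) echo OK; return 0 ;;
        esac
    done
    echo ERR
}

# Answer every request line as it arrives; never wait for end of input.
serve() {
    while IFS= read -r line; do
        authenticate_line "$line"
    done
}

# Run the loop only when installed under the name used in the thread.
case ${0##*/} in
    multi_domains.sh) serve ;;
esac
```

It can be checked from the shell the way Matthias describes, with `echo "username password" | /etc/squid/multi_domains.sh`, and it is better installed writable only by root than mode 777, since every user's password passes through it.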

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT