[squid-users] NTLM_Auth & LDAP_Group help needed.

From: nick w <[email protected]>
Date: Tue, 24 Jul 2007 15:38:08 +1000

Hi,

I have had a look through the threads and see that there are a few
threads on this particular issue but dealing with Unix based squid
servers and not Windows platforms. I am having a little trouble
getting the squid_ldap_group helper working with NTLM_Auth and running
on a W2K3 server. With the config below when you try to browse the net
the browser just hangs trying to contact the website, no access denied
message appears and I am assuming that the browser has not had a
response back from squid. I have checked the cache.log file and I see
entries in there saying that the request matched a denied acl rule and
access is denied. If you are not in the AD group for denying inet
access you get the same browser hang. Not sure what to do from here.

auth_param ntlm program c:/proxy/libexec/win32_ntlm_auth.exe
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type ldap_group %LOGIN
C:\Proxy\libexec\squid_ldap_group.exe -b OU=xxx,DC=xxx,DC=xxx -f
OU=xxx,DC=xxx,DC=xxx -F OU=xxx,DC=xxx,DC=xxx -h LDAP_server_name -p
389 -S

acl inet_deny external ldap_group CN=No-Internet-Access,OU=xxx,DC=xxx,DC=xxx

http_access deny inet_deny

Any help would be greatly appreciated.
Received on Mon Jul 23 2007 - 23:38:16 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:04 MDT