
Re: [squid-users] Configuring authentication with ldap_auth and two domains?


> > Hi Matthias (and anyone else reading this)
> >
> > I have tried the solution and cannot get it working. I replaced this line:
> >     auth_param basic program /usr/lib/squid/ldap_auth ......
> > with reference to my script:
> >     "auth_param basic program /etc/squid/multi_domains.sh"
> >
> > The /etc/squid/multi_domains.sh was chmod 777'ed
> > and contains:
> >
> >     #!/bin/sh
> >
> >     # Reading stdin from Squid
> >     INP=`cat`
> >
> >     # Pass stdin to /usr/lib/squid/ldap_auth
> >     DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth -R
> >             -b "dc=......"
> >             -D "cn=Administrator,cn=Users,dc=..........."
> >             -w "........." -f sAMAccountName=%s -h 192.168.1.1`
> >
> >     # Just spit out the result for now
> >     echo $DOMAIN1
> >
> > Note that this was just a test to make sure the
> > first part worked before querying two domains and
> > evaluating. The result was that I received the
> > authentication prompt in my browser. If I got the
> > password wrong it would ask up to 2 more times then
> > access denied, but if I got it correct the browser
> > would just hang then time-out.
> >
> > Something weird is going on, because if I add the
> > following command to the beginning, it gets
> > ignored when ldap_auth calls it:
> >     echo "hello" >/etc/squid/tmp.txt
> >
> > Or is that just a permissions issue? If I run the
> > script from console, it writes the tmp.txt file.
> >
> > The fact that authentication fails on bad password
> > and hangs on ok password tells me that the LDAP
> > part is working. However, the passing of the
> > stdout back to Squid does not seem to be working.
> > The weird thing is that Squid knows when I get the
> > password wrong 3 times.
> >
> > Regards,
> > Dietrich (aka grolschie)
> >
> >
> Hello grolschie,
>
> I'm very sorry that it doesn't work at first go.
> I didn't understand where you added this line:
>    echo "hello" >/etc/squid/tmp.txt
> but I advise you first to test the username password pair on the command
> line before you do that with squid and a browser.
> This is very easy.
> Type the following on the shell:
>    echo "username password" | /usr/lib/squid/ldap_auth ...
> If you get an OK or an ERR this works at least.
> If it works then type in this:
>    echo "username password" | /etc/squid/multi_domains.sh
> There you should get the same result as before.
>
> At the moment I don't have the possibility to test the script in a
> working environment, but at the weekend I will do so.
>
> Regards,
> Matthias

Hi Matthias,

I only added the "echo "hello" >/etc/squid/tmp.txt" line at the top to debug, to
make sure that the script was actually being run
ok. I expected it to write to the file whenever
the script was called. But perhaps Squid didn't
have permissions to write to that file? I
originally tried outputting the $DOMAIN1 variable
to file so I could see what was in it. So much for
my debugging. ;-)

Many thanks for your help so far Matthias. I will
have a go at the command-line debugging very soon.
I look forward to your reply at the weekend. :-)

regards,
grolschie.
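
Added example, not part of the thread and not Squid's own code: a two-domain wrapper written around the basic auth helper protocol, in which Squid starts the helper once, keeps its stdin open, writes one "username password" line per request and expects one OK or ERR line back. The functions domain1_helper and domain2_helper are constructed stand-ins with made-up credentials for the two ldap_auth command lines, and the "serve" argument is an assumption of this example.

```shell
#!/bin/sh
# A helper that waits for end of input (INP=`cat`) does not reply while Squid
# still holds the pipe open, so this wrapper reads and answers line by line.

# Constructed stand-ins for the two per-domain checks. In a real wrapper each
# body would be one /usr/lib/squid/ldap_auth command line (options as in the
# post, one per domain), which reads the same request line on stdin.
domain1_helper() {
    read -r user pass
    if [ "$user" = "alice" ] && [ "$pass" = "pw-one" ]; then echo OK; else echo ERR; fi
}
domain2_helper() {
    read -r user pass
    if [ "$user" = "bob" ] && [ "$pass" = "pw-two" ]; then echo OK; else echo ERR; fi
}

# Answer one request line: OK if either domain accepts it, otherwise ERR.
auth_line() {
    for helper in domain1_helper domain2_helper; do
        # Quote the line and use printf so it reaches the backend unmodified
        # (unquoted `echo $INP` is subject to word splitting and globbing).
        reply=$(printf '%s\n' "$1" | "$helper")
        case "$reply" in
            OK*) echo OK; return 0 ;;
        esac
    done
    echo ERR
}

# Helper loop: exactly one reply per input line, until Squid closes the pipe.
serve() {
    while IFS= read -r line; do
        auth_line "$line"
    done
}

# Run the loop only when started as "multi_domains.sh serve", so the functions
# can also be sourced and tested from the command line.
if [ "${1:-}" = "serve" ]; then
    serve
fi
```

Testing from the shell works the same way as suggested in the thread: pipe one or more "username password" lines into the script with the serve argument and check that one reply comes back per line.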


