Hi Your ldap authentication statement is incomplete. Please have a look at the examples and before you put them into squid.conf, please make sure they are fine by running them from a shell prompt as how you did and you must get OK instead of ERR. >From your statement it’s missing the -h option and a binding user/password options too (if the ldap server doesn’t allow anonymous queries) please have a look at the following examples http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory Regards Babs --- Ángel Prieto <angel.prieto@xxxxxxxxxxxxxxx> wrote: > Hello, I've configured my squid to authenticate with > ldap, but when > browser prompt the user and password window i write > it and get no > answer, the squid access.log file shows it: > 1116840548.325 6 10.0.20.113 > TCP_DENIED/407 1706 GET http://www.google.es/ > pprueba3 NONE/- text/html > > and when I write in shell this command # > /usr/lib/squid/squid_ldap_auth > -b "ou=People,dc=prueba,dc=com" 10.0.21.100 > pprueba3 > ERR > > That is what i get. > > Can you help me? > These are the options I have in squid.conf > > acl QUERY urlpath_regex cgi-bin \? > no_cache deny QUERY > > auth_param basic program > /usr/lib/squid/squid_ldap_auth -b > "ou=People,dc=prueba,dc=com" 10.0.21.100 > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web > server > auth_param basic credentialsttl 2 hours > auth_param basic casesensitive off > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > > acl password proxy_auth REQUIRED > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > http_access allow password > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > acl our_networks src 10.0.16.0/20 > http_access allow our_networks > http_access allow localhost > http_access deny all > http_reply_access allow all > icp_access allow all > > > coredump_dir /var/spool/squid > > > THANKS. > > -- > Angel Prieto > angel.prieto@xxxxxxxxxxxxxxx > SINERGIA TECNOLÓGICA > C/ Almirante Churruca > > 30007 Murcia > TEL. 968 270 624 Fax. 968 231 501 > www.sinergiatec.com > __________________________________________ > > La información incluida en el presente correo > electrónico es CONFIDENCIAL, siendo para el uso > exclusivo del destinatario arriba mencionado. Si > usted lee este mensaje y no es el destinatario > señalado, el empleado o el agente responsable de > entregar el mensaje al destinatario, o ha recibido > esta comunicación por error, le informamos que está > totalmente prohibida cualquier divulgación, > distribución o reproducción de esta comunicación, y > le rogamos que nos lo notifique, nos devuelva el > mensaje original a la dirección arriba mencionada y > borre el mensaje. Gracias. > __________________________________________ > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
