Hi, I'm running squid (Squid Cache version 2.5.STABLE10-NT) on a Windows 2003 server. I'm having trouble with the authentication helper program starting properly. >From the command line I can run squid_ldap_group.exe against Active Directory and receive ERR for bad input, and OK for good input, for example: >C:\squid\libexec\squid_ldap_group.exe -b DC=MyCompany,DC=com -D CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adqpassword -f &(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) adserver.mycompany.com >validUserName badGroup >ERR >validUserName ProxyAllowed >OK When if copy that working line into the squid.config file as below: >external_acl_type ldap_group %LOGIN C:\squid\libexec\squid_ldap_group.exe -b DC=MyCompany,DC=com -D CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adpassword -f &(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) adserver.mycompany.com >acl Proxy_Allowed external ldap_group ProxyAllowed >http_access allow Proxy_Allowed I see this in my cache.log -------------------------------------------------------------------------------------------------- 2005/09/07 17:30:12| helperOpenServers: Starting 5 'C:\squid\libexec\squid_ldap_group.exe' processes squid_ldap_group version 2.17-2.5 Usage: squid_ldap_group -b basedn -f filter [options] ldap_server_name -b basedn (REQUIRED) base dn under where to search for groups -f filter (REQUIRED) group search filter pattern. %v = user, %a = group -B basedn (REQUIRED) base dn under where to search for users -F filter (REQUIRED) user search filter pattern. %s = login -s base|one|sub search scope -D binddn DN to bind as to perform searches -w bindpasswd password for binddn -W secretfile read password for binddn from file secretfile -h server LDAP server (defaults to localhost) -p port LDAP server port (defaults to 389) -P persistent LDAP connection -c timeout connect timeout -t timelimit search time limit -R do not follow referrals -a never|always|search|find when to dereference aliases -v 2|3 LDAP version -Z TLS encrypt the LDAP connection, requires LDAP version 3 -g first query parameter is base DN extension for this query -S Strip NT domain from usernames If you need to bind as a user to perform searches then use the -D binddn -w bindpasswd or -D binddn -W secretfile options squid_ldap_group version 2.17-2.5 ...same as above 4 more times... ---------------------------------------------------------------------------------------------------- So far I've tried the squid.config file in dos format as well as UNIX format, and I've tried numerous combinations of " and ' around the squid_ldap_group.exe and its parameters. so far all have the same result, it's like no switches are being passed to squid_ldap_group.exe any suggestions would be greatly appreciated, thanks in advance for your time. Todd
