Hi there,
Here is a solution that would work. You could call a custom script from
your squid.conf e.g.
auth_param basic program /etc/squid/my_custom_script.sh
auth_param basic children 5
auth_param basic realm Squidward Proxy
auth_param basic credentialsttl 5 hours
My script goes something like this
#!/bin/sh
# read from stdin until EOF is received
while read INP; do
# Use username and password to authenticate against AD domain number
1
DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)
# User username and password to authenticate against AD domain
number 2
DOMAIN2=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)
# If username and password is correct for either domain, output "OK"
if [ "$DOMAIN1" == "OK" ]; then
echo "OK"
elif [ "$DOMAIN2" == "OK" ]; then
echo "OK"
else
echo "ERR"
fi
done
The above script authenticates against one domain, and if fails it tries
the other domain. You could modify the second lookup in this script to
check against a plaintext file instead of a 2nd domain. Instead of
calling ldap_auth the 2nd time, call another custom script (call it
plaintext_check.sh or something) that checks the username and password
against a plaintext file and returns OK or ERR accordingly to the first
script (above). Modify above line to call your 2nd script:
DOMAIN2=`echo $INP | /usr/share/custom_scripts/plaintext_check.sh`
Non-standard, but you could get it to work if you can write shell
scripts..
D.Radel.
----- Original Message -----
From: "Mark Elsen" <mark.elsen@xxxxxxxxx>
To: "Paolo Biancolli" <paolob@xxxxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, January 11, 2006 10:09 PM
Subject: Re: Squid Authentication Methods
Hi all,
Is it possible to authenticate using a flat text file as well as using
MS
Active Directory? We are currently rolling out AD and may need to have
2
different authentication methods.
I presume "as well" means that if the user is not in AD,look it up
in the flat tx file.
It doesn´t x work that way.When both schemes are configured , the
browser will use the strongest auth. scheme as a SINGLE source for
the current auth. request.
M.