Search squid archive

RE: Pb ldap with SquidNT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jerome,

At 10.56 26/06/2006, Jerome wrote:

OK Guido !

>You need two components for user authentication /authorization:
>
>- An authentication helper for USER AUTHENTICATION, this could be
win32_auth.exe (basic authentication) or win32_ntlm_auth.exe (NTLM
>authentication)

Why I can't use the squid_ldap_auth.exe for authentification ?

win32_auth is more simple to use in a Windows domain.

I can't use the win32_auth.exe because squid is not on the same server like
my AD... Or I don't understand how win32_auth.exe running... ;-)

The second ... :-)

It's very simple (assuming that your squid machine is MEMBER of your AD):

You must use the "domain\user" notation for the username.

>- An External ACL helper for Windows group based USER AUTHORIZATION, this
could be win32_check_group.exe (native Windows groups)

I have tested win32_check_group.exe in commande line and it work !! OK !

>What you don't need is the local group support of win32_auth.exe.

Have you an example of authentifiaction/authorization with win32_auth.exe or
other for a AD and squidNT running on 2 differents servers ?

Yes:

auth_param basic program c:/squid/libexec/win32_auth.exe
auth_param basic children 2
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type NT_global_group %LOGIN c:/squid/libexec/win32_check_group.exe -G

acl ProxyUsersMember external NT_global_group ProxyUsers
acl password proxy_auth REQUIRED
acl our_networks src 172.30.0.0/16

http_access allow password our_networks ProxyUsersMember

http_access deny all

In the previous example, only the domain users member of the Domain GLOBAL Group "ProxyUsers" are allowed to use the proxy when the request comes from the 172.30.0.0/16 subnet.

You need to run Squid on a machine member of the AD Domain: it's a prerequisite for win32_auth and win32_check_group.

Regards

Guido



-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1           10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux