Did you edit the auth_param section to use the squid_ldap_group? If you did, send me a copy of your conf file and I will compare it to mine and make the necessary adjustments.

Also, one thing that I noticed when I did it is that the user group should be under the User cn and not under any OU; for some or other reason it did not accept the OUs. Also make sure to specify the correct AD group and that all the variables are correct.

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Saqib Khan (horiba/eu) [mailto:saqib.khan@xxxxxxxxxx]
Sent: 06 September, 2006 15:09
To: Janco van der Merwe
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Antwort: RE: [squid-users] Squid LDAP Group authentication

No, still the same. I still can use any user to access internet. Here is my conf according to your suggestion:-

external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b "dc=test,dc=eu" -D "cn=test,cn=Users,dc=test,dc=eu" -w "test" -f " (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=Testgroup, ,OU=Testgroup,OU=Users,dc=test,dc=eu))" -h xxx.xxx.xxx.xxx
acl ldap proxy_auth REQUIRED
acl Localnet external Internet Testgroup
http_access allow ldap Localnet Safe_ports

Best Regards,
Saqib

"Janco van der Merwe" <jvdmerwe@xxxxxxxxxxx>
06.09.2006 14:19
To: "Saqib Khan (horiba/eu)" <saqib.khan@xxxxxxxxom>, "squid-users@squid-cache.org" <squid-users@squid-cache.org>
Cc:
Subject: RE: [squid-users] Squid LDAP Group authentication

Under “TAG: auth_param” section enter the following

auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=dunns,dc=co,dc=za" -D "cn=ldapreader,cn=users,dc=mydomain,dc=com" -w "ldappassword" -f sAMAccountName=%s -h xxx.xxx.xxx.xxx

Under “TAG: external_acl_type” section enter the following

external_acl_type internetusergroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=mydomain,dc=com" -D "cn=ldapreader,cn=Users,dc=mydomain,dc=com" -w "ldappassword" -f "(&(objectclass=person)(sAMAccountName =%v)(memberof=cn=internetusers, ,OU=xxx Groups,OU=xxx,dc=mydomain,dc=com))" -h xxx.xxx.xxx.xxx

acl ldappassword proxy_auth REQUIRED
acl internetgroup external internetusergroup internetusers
http_access allow ldappassword internetgroup Safe_ports

This works

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Saqib Khan (horiba/eu) [mailto:saqib.khan@xxxxxxxxxx]
Sent: 06 September, 2006 13:47
To: squid-users@xxxxxxxxxxxxxxx
Subject: Squid LDAP Group authentication

Dear all,

I am having some configuration problems with squid_ldap_group authentication. I created a Testgroup namely "Testgroup" in AD containing a test user. But if I use a user which is not a member of that group, I still can access the internet. Here is my squid configuration:-

Tag:external_ACL
external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b "dc=test,dc=com" -D "cn=test,cn=Users,dc=horiba,dc=eu" -w "test1" -f " (&(objectclass=person)(sAMAccountName=%v)(memberof=cn =%a,cn=Testgroup,cn=Users,dc=test,dc=com))" -h xxx.xxx.xxx.xxx

Tag:ACL
acl Localnet external Internet Testgroup

Tag:http_access
http_access allow Localnet

Best Regards,
Saqib

____________________________________________________________________________
This communication and any attachments are confidential and intended for the sole use of the intended recipient. Any form of copying or disclosure of this communication to any third parties without permission is prohibited.
The contents of this communication and its attachments are not intended to be relied upon in law without subsequent written confirmation. As such, Dunns Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences of anyone acting, or not acting, on information contained therein. If you have received this communication in error please notify us immediately and destroy or delete it.
____________________________________________________________________________
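
An added example (not part of the thread and not Squid's own code) showing how the -f filter templates discussed above expand for a given login and group. It assumes %v is replaced by the login name and %a by the group name given on the "acl ... external" line, with values escaped per RFC 4515; the DNs and the user jdoe are constructed.

```python
# Added illustration: models how a squid_ldap_group-style helper fills in its
# -f search filter. Assumption: %v is replaced by the login name and %a by the
# group name from the acl line, as the helper's documentation describes.
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, user, group):
    """Substitute %v (user) and %a (group) in a filter template."""
    values = {"v": escape_value(user), "a": escape_value(group)}
    return re.sub(r"%([va])", lambda m: values[m.group(1)], template)


def memberof_dn(ldap_filter):
    """Return the DN the filter compares memberOf against, or None."""
    match = re.search(r"\(memberof=([^)]*)\)", ldap_filter, re.IGNORECASE)
    return match.group(1) if match else None


# Constructed templates modelled on the two styles in the thread
# (whitespace normalised, DNs are sample values).
PER_GROUP = ("(&(objectclass=person)(sAMAccountName=%v)"
             "(memberof=cn=%a,cn=Testgroup,cn=Users,dc=test,dc=com))")
FIXED_GROUP = ("(&(objectclass=person)(sAMAccountName=%v)"
               "(memberof=cn=Testgroup,cn=Users,dc=test,dc=com))")

if __name__ == "__main__":
    for name, template in (("per-group", PER_GROUP), ("fixed", FIXED_GROUP)):
        for group in ("Testgroup", "SomeOtherGroup"):
            expanded = expand_filter(template, "jdoe", group)
            print(name, group, "->", memberof_dn(expanded))
    # A login name containing filter metacharacters stays inside the value.
    print(expand_filter(FIXED_GROUP, "x)(cn=*", "Testgroup"))
```

With the per-group template the group name from the acl line changes the DN that is searched; with the fixed template it has no effect, so the membership test depends entirely on the DN written in the filter.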