Squid problem when authenticate with AD

"Phan...... tom" <phan2525@xxxxxxxxxxx> · Tue, 20 Feb 2007 01:47:09 +0000

Dear squid users,

    I have some problem about squid when it authenticate with Active 
Directory.Now I use squid 2.5 STABLE9 and I have a plan to upgrade to 2.6 
STABLE9 in the near future. Now I'm testing squid2.6 to authenticate with 
Active Directory. It look like a great option for admin to see that who 
access to internet but after I test, I stuck with some problem. My company 
have 2 domain in office. When I use squid to authenticate 1 domain,it's look 
good and no problem. But when I add to domain in squid.conf and use squid to 
authenticate 2 domain at the same time, it's only looking for the latest 
domain that I put into squid.conf. So my question is "Can squid authenticate 
2 domain at the same time? If yes, How? Is it different from authenticate 1 
domain?". Here is some squid.conf
setting

#My first AD ip is 172.16.1.1/16 (testzone.local)
#My second AD ip is 172.31.1.1/16 (testdom.local)

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b 
"dc=tes
tzone,dc=local -D "cn=administrator,cn=Users,dc=Testzone,dc=local" -w 
"password"
-f sAMAccountName=%s -h 172.16.1.1

external_acl_type InternetGrp_test %LOGIN 
/usr/local/squid/libexec/squid_ldap_g
roup -R -b "dc=testzone,dc=local" -D 
"cn=administrator,cn=Users,dc=Testzone,dc=l
ocal" -w "password" -f 
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a
,ou=Internet,dc=Testzone,dc=local))" -h 172.16.1.1

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b 
"dc=tes
tdom,dc=local -D "cn=administrator,cn=Users,dc=Testzone,dc=local" -w 
"password"
-f sAMAccountName=%s -h 172.31.1.1

external_acl_type InternetGrp_test2 %LOGIN 
/usr/local/squid/libexec/squid_ldap_g
roup -R -b "dc=testdom,dc=local" -D 
"cn=administrator,cn=Users,dc=Testzone,dc=l
ocal" -w "password" -f 
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a
,ou=Internet,dc=Testzone,dc=local))" -h 172.31.1.1

acl Internet_TEST external InternetGrp_test InternetGroup
acl Internet_TEST2 external InternetGrp_test2 InternetGroup
#InternetGroup is a group on each AD that I put the person who can access to 
internet

http_access allow Internet_TEST
http_access allow Internet_TEST2

_________________________________________________________________
Find what you need at prices you?ll love. Compare products and save at MSN® 
Shopping. 
http://shopping.msn.com/default/shp/?ptnrid=37,ptnrdata=24102&tcode=T001MSN20A0701