Search squid archive

squid+ldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Guys

Scenario:
Gnu Linux Debian 3.1 + squid 2.5.9-10sarge2

Using nsca_auth works like a charm, but now I intend to move everything
to LDAP and I can't authenticate against it.

see below from squid machine:

a) squid:~# /usr/lib/squid/ldap_auth -b  "dc=xxx,dc=com,dc=br"  -f "uid=
% s"  -h 130.0.150.2
pauloric pauloric
OK

cool it's working


b) squid # ldapsearch -x -v -LLL -h 130.0.150.2 uid=pauloric
ldap_initialize( ldap://130.0.150.2 )
filter: uid=pauloric
requesting: ALL
dn: uid=pauloric,ou=Users,dc=xxx,dc=com,dc=br
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
sambaHomePath: \\hercules\pauloric
sambaProfilePath: \\hercules\profiles\pauloric
sambaLogonScript: login.bat
sambaDomainName: ldap
sambaHomeDrive: H:
sambaKickoffTime: 1893463200
sambaPrimaryGroupSID: S-1-5-21-3669424169-3094637634-1452395766-513
sambaAcctFlags: [U          ]
displayName: pauloric
sambaPwdLastSet: 1179842737
sambaSID: S-1-5-21-3669424169-3094637634-1452395766-3002
shadowExpire: 21915
homeDirectory: /home/pauloric
loginShell: /bin/bash
gidNumber: 513
uid: pauloric
cn: pauloric
uidNumber: 1001
sn: pauloric
shadowLastChange: 13677

ok I can locate myself at LDAP

c) from squid.conf:
auth_param basic program /usr/lib/squid/ldap_auth -b
"dc=xxx,dc=com,dc=br" -f "uid=%s"  -h 130.0.150.2
auth_param basic children 10
auth_param basic realm Squid proxy-caching squid.xxx.com.br
auth_param basic credentialsttl 2 hours

auth_param basic
program /usr/lib/squid/ncsa_auth /etc/admwebuser/squidusers.passwd
auth_param basic children 10
auth_param basic realm Squid proxy-caching squid.xxx.com.br
auth_param basic credentialsttl 2 hours


d) from ldap machine trying to autenticate myself via lynx :

Usuário de 'Squid proxy-caching squid.xxx.com.br' em proxy
'130.0.100.202:3128': pauloric
Senha: ********
Falha na autorização. Repetir? (s/n)

squid# tail -f /var/log/squid/access.log| grep 130.0.150.2
1181911584.377      8 130.0.150.2 TCP_DENIED/407 1832 GET
http://www.terra.com.br/ - NONE/- text/html
1181911865.372     22 130.0.150.2 TCP_DENIED/407 1832 GET
http://www.terra.com.br/ pauloric NONE/- text/html


PS tried 3 times and checked my password.

Where Am I wrong ??

Thanks in advanced

-- 
Paulo Ricardo Bruck - consultor
Contato Global Solutions
tels 011 5031-4932 5034-1732 9235-4327(cel)
http://www.contato.com.br

Attachment: signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux