Squid LDAP Authentication Problems

Hi everyone :-),

I'm having some problems configuring Squid to authenticate with LDAP. I
first of all started by testing these commands in the command line:

/usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com,dc=au" -D
"cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f
sAMAccountName=%s -h 192.168.10.254
> myaccountname mypassword

/usr/lib64/squid/squid_ldap_group -b "dc=example,dc=com,dc=au" -D
"cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))"
-h 192.168.10.254
>myaccountname InternetAllowGroup

Both return "OK", and "ERR" whenever I put in a wrong
password/group etc., so I believe that to be working. Now I've modified
squid.conf as follows (obviously with most snipped out):

TAG: auth_param
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b
"dc=example,dc=com,dc=au" -D
"cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f
sAMAccountName=%s -h 192.168.10.254
auth_param basic children 5
auth_param basic realm Example
auth_param basic credentialsttl 2 hours

TAG: external_acl_type
external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group -b
"dc=example,dc=com,dc=au" -D
"cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))"
-h 192.168.10.254
external_acl_type InetDenyGroup /usr/lib64/squid/squid_ldap_group -b
"dc=example,dc=com,dc=au" -D
"cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))"
-h 192.168.10.254

TAG: acl
acl InetAccess external InetGroup InternetAllowGroup
acl InetDenyAccess external InetDenyGroup InternetDenyGroup
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl localnet proxy_auth REQUIRED src 192.168.10.0/255

TAG: http_access
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow InetAccess
http_access deny InetDenyAccess

(Note also that Safe_ports are set to allow)

I think that is everything I had to do. However, when I set up my browser
with the proxy, type in my username and password it just keeps rejecting me.
I have no idea what else to try. It has to be something to do with the
squid.conf but I have no idea what.

Any help would be much appreciated, thank you.
-- 
View this message in context: http://www.nabble.com/Squid-LDAP-Authentication-Problems-tf4716128.html#a13481648
Sent from the Squid - Users mailing list archive at Nabble.com.
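
The following squid.conf fragment is an added example, not part of the original post. It rearranges the posted directives so that the external ACL helper receives %LOGIN, proxy_auth and src are separate ACLs, the deny group is evaluated before the allow group, and the bind password is read from a file with -W instead of appearing on the helper command line. The path /etc/squid/ldap.secret, the /24 netmask and the ACL name "authenticated" are assumptions; the helper arguments are otherwise copied from the post.

```conf
# Each directive must stay on one line in squid.conf.

# -W reads the bind DN password from a file (assumed path), so it is not
# visible in squid.conf or in the process list. The file should be readable
# only by the user Squid runs its helpers as.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -W /etc/squid/ldap.secret -f sAMAccountName=%s -h 192.168.10.254
auth_param basic children 5
auth_param basic realm Example
auth_param basic credentialsttl 2 hours

# One helper definition serves both groups: %LOGIN supplies the user (%v in
# the filter) and the group name comes from the acl line (%a in the filter).
external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -W /etc/squid/ldap.secret -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))" -h 192.168.10.254

# proxy_auth and src are different ACL types and need separate acl lines.
acl authenticated proxy_auth REQUIRED
acl localnet src 192.168.10.0/24            # netmask is an assumption
acl InetAccess external InetGroup InternetAllowGroup
acl InetDenyAccess external InetGroup InternetDenyGroup

# http_access is first-match: refuse other networks, require credentials,
# then apply the deny group before the allow group so that membership of
# InternetDenyGroup wins when a user is in both groups.
http_access deny !localnet
http_access deny !authenticated
http_access deny InetDenyAccess
http_access allow InetAccess
http_access deny all
```

Running `squid -k parse` after editing reports syntax errors in squid.conf before the change is loaded.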

