Dear Squid-Users, I would like just to ask a bit of help regarding squid_ldap_group. I tried with success the helper from commandline about a match between a user and a group and everything works perfectly. Now, using the same set in squid.conf, it shows me in the log that the helpers are crashing too quick. My question are: 1) I need absolutely to authenticate first with squid_ldap_auth or I could leave the ntlm_auth at the beginning and use only squid_ldap_group to check the membership in a ldap group? 2) at the definition of the external acl i set "%LOGIN", but to squid_ldap_group what squid pass? 3) Why in the squid logs for each squid_ldap_group opened show me the list with the options?and why it shows me that the -F and -B options are required if from commandline works perfectly and are not requested? I attach here the part with my configuration and (following) the logs: squid. conf #about squid_ldap_group external_acl_type squid_ldap children=20 % LOGIN c:/squid/libexec/squid_ldap_group.exe -R -v "3" -s "sub" -b "dc=kxxxx, dc=org" -f "(&(objectClass=person)(sAMAccountName=%v) (memberOf=cn=%a,ou=Gruppen,ou=User F\\+E,dc=xx,dc=kxxxx,dc=org))" -d - D "squidadmin" -w "xxxxx" -S -K -h "kxdcrt02.kxxxx.org" -p "3268" then the right acl with the group and the setting of the access for those. >From commandline it returns me an OK but in the running of squid the helpers crash (I already tried to push up the number of children but doesn´t help!) I tried than to make the first authentication with squid_ldap_auth. auth_param basic program c: /squid/libexec/squid_ldap_auth.exe -R -v "3" -s "sub" -b "dc=kxxxx, dc=org" -f "sAMAccountName=%s" -d -D "squidadmin" -w "xxxxxx" -h "kxdcrt02.kxxxx.org" -p "3268" but when the login box appears and I give my credential or other, simply it remains charging the page and after a while give me back the loginbox without show me the webpage. Here I put also the logs: squid_ldap_group version 2.17 Usage: squid_ldap_group -b basedn -f filter [options] ldap_server_name -b basedn (REQUIRED) base dn under where to search for groups -f filter (REQUIRED) group search filter pattern. %v = user, %a = group -B basedn (REQUIRED) base dn under where to search for users -F filter (REQUIRED) user search filter pattern. %s = login -s base|one|sub search scope -D binddn DN to bind as to perform searches -w bindpasswd password for binddn -W secretfile read password for binddn from file secretfile -h server LDAP server (defaults to localhost) -p port LDAP server port (defaults to 389) -P persistent LDAP connection -c timeout connect timeout -t timelimit search time limit -R do not follow referrals -a never|always|search|find when to dereference aliases -v 2|3 LDAP version -Z TLS encrypt the LDAP connection, requires LDAP version 3 -g first query parameter is base DN extension for this query -S Strip NT domain from usernames -K Strip Kerberos realm from usernames If you need to bind as a user to perform searches then use the -D binddn -w bindpasswd or -D binddn -W secretfile options 2008/08/07 15:38:01| logfileOpen: opening log c:/squid/var/logs/access. log 2008/08/07 15:38:01| Unlinkd pipe opened on FD 308 2008/08/07 15:38: 01| Swap maxSize 102400 KB, estimated 7876 objects 2008/08/07 15:38:01| Target number of buckets: 393 2008/08/07 15:38:01| Using 8192 Store buckets 2008/08/07 15:38:01| Max Mem size: 8192 KB 2008/08/07 15:38: 01| Max Swap size: 102400 KB 2008/08/07 15:38:01| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2008/08/07 15:38:01| logfileOpen: opening log c:/squid/var/logs/store.log 2008/08/07 15:38: 01| Rebuilding storage in c:/squid/var/cache (CLEAN) 2008/08/07 15:38: 01| Using Least Load store dir selection 2008/08/07 15:38:01| Set Current Directory to c:/squid/var/cache 2008/08/07 15:38:01| Loaded Icons. 2008/08/07 15:38:01| Accepting accelerated HTTP connections at 172.16.30.18, port 8080, FD 314. 2008/08/07 15:38:01| Accepting HTCP messages on port 4827, FD 315. 2008/08/07 15:38:01| Accepting SNMP messages on port 3401, FD 316. 2008/08/07 15:38:01| Configuring Parent 172.16.30.16/8123/0 2008/08/07 15:38:01| Ready to serve requests. 2008/08/07 15:38:01| Done reading c:/squid/var/cache swaplog (0 entries) 2008/08/07 15:38:01| Finished rebuilding storage from disk. 2008/08/07 15:38:01| 0 Entries scanned 2008/08/07 15:38: 01| 0 Invalid entries. 2008/08/07 15:38:01| 0 With invalid flags. 2008/08/07 15:38:01| 0 Objects loaded. 2008/08/07 15:38:01| 0 Objects expired. 2008/08/07 15:38: 01| 0 Objects cancelled. 2008/08/07 15:38:01| 0 Duplicate URLs purged. 2008/08/07 15:38:01| 0 Swapfile clashes avoided. 2008/08/07 15:38:01| Took 0.1 seconds ( 0.0 objects/sec). 2008/08/07 15:38:01| Beginning Validation Procedure 2008/08/07 15:38: 01| Completed Validation Procedure 2008/08/07 15:38:01| Validated 0 Entries I would be really happy to have any advice from you. Thanks in advance Antonio
