Mine is this

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b DC=XXX,DC=XXX -D admin@XXX -w Elmasmejor3567 -f sAMAccountName=%s -h XXX.XXX.XXX.XXX. 1 -s sub -p 389 -v 3 -P -O -R
auth_param basic children 25
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

> Hi All
> I've been trying to get squid to authenticate against Active Directory
> as well as deny access to users in a security group. I have not been
> able to get this to work reliably. This is what I have done so far.
>
> In squid.conf, I have these entries
>
> auth_param basic program /usr/local/libexec/squid/
> squid_ldap_auth -R -b "dc=atlas,dc=local" -v 2 -D
> "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f
> sAMAccountName=%s -h 192.168.2.90
> auth_param basic children 5
> auth_param basic realm Atlas Protection
> auth_param basic credentialsttl 5 minutes
>
> external_acl_type InetGroup %LOGIN
> /usr/local/libexec/squid/squid_ldap_group -R -b "dc=my,dc=domain" -v 2
> -D "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f
> "(&(objectclass=person)(sAMAccountName=%v)
> (memberof=cn=%a,dc=my,dc=domain))" -h 192.168.2.90
>
> acl domain_name proxy_auth REQUIRED src 192.168.2.0/24
> http_access allow domain_name
> http_access allow localhost
> acl InetAccess external InetGroup nointernet
> http_access deny InetAccess
>
> I created a security group in AD and put several users in. When these
> users try to log on, they get the popup box to log on but even when
> they are in the nointernet group, they can still get on. I am at a
> loss. Can anyone please point out what I am doing wrong or help me
> with troubleshooting this?
>
> Thanks.

On Wednesday 12 November 2008 10:40:39 Peter Fraser wrote:
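Squid checks http_access lines in order and stops at the first one that matches, so the rule order in the quoted configuration is worth testing on its own. The following is an added example, not part of either message and not Squid code: a simplified Python model in which the request dictionaries and the ACL truth values are constructed stand-ins for real proxy_auth and squid_ldap_group lookups.

```python
# Simplified model of Squid http_access evaluation: rules are read top to
# bottom and the first rule whose ACLs all match decides the request.

POSTED = """\
http_access allow domain_name
http_access allow localhost
http_access deny InetAccess
"""  # order as in the quoted squid.conf

REORDERED = """\
http_access deny InetAccess
http_access allow domain_name
http_access allow localhost
"""  # group deny moved ahead of the authenticated allow

def parse_rules(conf):
    """Return [(action, [acl names])] for each http_access line."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access":
            if fields[1] not in ("allow", "deny"):
                raise ValueError(f"bad action in {line!r}")
            rules.append((fields[1], fields[2:]))
    return rules

def acl_matches(name, request):
    """Constructed stand-ins for the three ACLs named in the post."""
    checks = {
        "domain_name": request["authenticated"],          # proxy_auth REQUIRED
        "localhost": request["src"] == "127.0.0.1",
        "InetAccess": "nointernet" in request["groups"],  # external InetGroup
    }
    return checks[name]

def decide(conf, request):
    """Return (action, index of the deciding rule, or None if none matched)."""
    rules = parse_rules(conf)
    for index, (action, acls) in enumerate(rules):
        if all(acl_matches(a, request) for a in acls):
            return action, index
    if not rules:
        return "deny", None  # no http_access lines at all: deny
    # Nothing matched: Squid uses the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

# Constructed requests: authenticated LAN users, one in the nointernet group.
IN_GROUP = {"authenticated": True, "src": "192.168.2.50", "groups": {"nointernet"}}
NOT_IN_GROUP = {"authenticated": True, "src": "192.168.2.51", "groups": set()}

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("reordered", REORDERED)):
        print(label, decide(conf, IN_GROUP), decide(conf, NOT_IN_GROUP))
```

In the model, the posted order lets the group member through on rule 0, while the reordered rules deny the group member and still allow other authenticated users.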