Search squid archive

Native Kerberos (squid_kerb_auth) with LDAP-Fallback (squid_ldap_auth)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

I've implemented a native kerberos-authentication with squid_kerb_auth
and squid_kerb_ldap to query ad-group-memberships. This works fine.
I'm trying to implement a fallback-mechanism with squid_ldap_auth.

But the squid_ldap_auth-fallback is not working. My config looks like this:
auth_param negotiate program /usr/local/squid/libexec/squid_kerb_auth -i
auth_param negotiate children 50
auth_param negotiate keep_alive on
external_acl_type SQUID_KERB_LDAP ttl=3600 negative_ttl=3600 %LOGIN
/usr/local/squid_kerb_ldap/bin/squid_kerb_ldap -d -g "InternetUsers"
acl INTERNET_ACCESS external SQUID_KERB_LDAP

external_acl_type SQUID_DENY_KERB_LDAP ttl=3600 negative_ttl=3600
%LOGIN /usr/local/squid_kerb_ldap/bin/squid_kerb_ldap -d -g
"DenyInternetUsers"
acl DENY_INTERNET_ACCESS external SQUID_DENY_KERB_LDAP


# LDAP-Fallback
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R
-v 3 -b "dc=xx,dc=yy" -D "cn=binduser,dc=xx,dc=yy" -w "something" -f
"(&(&(objectClass=Person)(sAMAccountName=%s))(memberOf=cn=InternetUsers,DC=xx,DC=yy))"
-c 3 -h ldaps://xx.xx.xx.xx -h ldaps://xx.xx.xx.xx
auth_param basic children 20
auth_param basic realm "Internet Access"
auth_param basic credentialsttl 2 hour
acl INTERNET_ACCESS_LDAP proxy_auth REQUIRED

http_access deny DENY_INTERNET_ACCESS
http_access allow INTERNET_ACCESS
http_access allow INTERNET_ACCESS_LDAP



How do I have to implement the fallback-ldap? Do I need the
"external_acl"-directive? Can I realise the fallback-mechanism also
with squid_kerb_ldap?

Thanks a lot.
Kind regards,
Tom


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux