On 29.02.2012 01:51, Erwann Pencreach wrote:
Hi,

I don't really understand the trick with the Id, but I'll have a look
at it

It's concurrency support, allowing Squid to schedule more than one lookup at a time for the helper. You then add concurrency=N with some N value greater than 1 for the number of requests for Squid to queue.



I wrote this script because I wasn't able to get authentication
information from distant client or distant samba pdc (All tricks I have
found are for a configuration where Squid is on the same host as the
pdc). Password doesn't matter, but username is mandatory. When I have
username, I have some ldap checks to do, some whitelist and blacklist to
check.

Something seems wrong there.

For Squid lookup helpers to validate credentials the only requirement is that the backend accept validation requests from them. In the PDC case there may be some security around which servers are allowed to look up user credentials; you need to ensure the Squid box (IP? security token?) is in that accepted set. It sounds to me like the default security at the PDC is for the localhost connections to be accepted, but not external servers.

Certain of the Squid lookup helpers do need certain tools from Samba to be installed (ntlm_auth or winbind or smbclient) in order to run. But those tools are not the PDC, only other types of lookup helper.


Amos
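
The channel-ID handling discussed above, as an added example that is not part of the original message or of Erwann's script: a lookup helper that copies the leading ID from each request line into its reply, which is what lets Squid match answers to queued requests once concurrency=N is set. The user lists, the request layout (ID followed by the username) and the URL-decoding of the username are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added example: minimal Squid lookup helper that honours the concurrency
# channel ID. Assumed squid.conf wiring (path is hypothetical):
#   external_acl_type usercheck concurrency=5 %LOGIN /usr/local/bin/helper.py
import sys
from urllib.parse import unquote

# Constructed sample lists; a real helper would run its LDAP checks here.
ALLOWED = {"alice", "bob"}
BLOCKED = {"mallory"}


def decide(username):
    """Return 'OK' or 'ERR' for one username. Fails closed on empty input."""
    name = username.lower()
    if not name or name == "-" or name in BLOCKED:
        return "ERR"
    return "OK" if name in ALLOWED else "ERR"


def handle_line(line):
    """Map one request line to one reply line (None for a blank line)."""
    fields = line.split()
    if not fields:
        return None
    if fields[0].isdigit():
        # Concurrent format: "<channel-id> <username>". The reply must start
        # with the same ID or Squid cannot pair it with the queued request.
        prefix, rest = fields[0] + " ", fields[1:]
    else:
        # No numeric ID: treat the line as the non-concurrent format.
        # (A purely numeric username would be misread; assumption noted.)
        prefix, rest = "", fields
    # Assumption: Squid sends the username URL-encoded.
    username = unquote(rest[0]) if rest else ""
    return prefix + decide(username)


def main():
    for line in sys.stdin:
        reply = handle_line(line)
        if reply is not None:
            sys.stdout.write(reply + "\n")
            sys.stdout.flush()  # Squid waits on each reply; never buffer


if __name__ == "__main__":
    main()
```

This helper answers in arrival order; the ID is what would allow a threaded version to reply out of order while slow LDAP lookups are pending.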
