On 18/12/2014 11:28 a.m., Bert wrote:
> Man I just can't seem to make this work. I followed this guide:
>
> http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy
>
> and everything went well but as soon as I get to the
> squid_ldap_group test I get nothing back, or the second time I hit
> enter it returns an "invalid entry" error.
>
> /usr/lib/squid3/squid_ldap_group -R -K -S -b "dc=example,dc=local" -D squid@example.local -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=Security Groups,ou=MyBusiness,dc=example,dc=local))" -h dc1.example.local
> EXAMPLE\Username Internet%20Users%20Standard
>
> Can anyone tell me what to look for as far as testing? I have run
> this test with debug -d but that doesn't seem to return anything.
> My understanding of the command above is it's taking the basedn and
> a user name that I have set up and created a password for and
> attempting to query the AD server that is listed after the -h
> option. The part of the line I don't understand is cn=%g. No idea
> what might be plugged in there as "g" is not initialized anywhere.

%g is the group name being looked up.

  acl .. external groupName1 groupName2 ...

> Based on the options returned after squid_ldap_group I think I get
> what's going on and the last two entries on the line are the
> queried username against the security groups I created in AD and
> the user I have been testing is a member of the internet users
> group. This seems pretty straightforward but I get nothing and so
> this query is basically the same in the squid.conf so if it doesn't
> work here it's obviously not going to work from a browser.
>

The tutorial is a bit broken.

Firstly, it does not explain that the "bug" causing group names to have to be in files loaded by Squid external ACL is that the squid.conf parser uses whitespace as reserved characters delimiting words.
The normal ACL syntax is:

  acl foo external memberof Group1Name Group2Name ...

It then recommends that -f parameter which contains whitespace directly in squid.conf...

You need to replace "Security Groups" with "Security\ Groups" and if that does not work by itself upgrade to a current Squid version. Squid-3.4 or later should accept \-escapes in quoted strings.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
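The squid.conf change described in the reply above, as an added example that is not part of the original message or of the tutorial. The helper arguments are the ones from the quoted command; the `%LOGIN` format, the ACL name `InternetUsers`, the group file path and the `http_access` rules are assumptions made for illustration.

```conf
# Added example, not from the original thread.

# Before: the -f filter carries a raw space ("Security Groups") inside
# squid.conf, where the parser treats whitespace as a word delimiter.
#external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R -K -S -b "dc=example,dc=local" -D squid@example.local -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=Security Groups,ou=MyBusiness,dc=example,dc=local))" -h dc1.example.local

# After: the space is backslash-escaped. Per the reply, Squid-3.4 or later
# should accept \-escapes in quoted strings.
external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R -K -S -b "dc=example,dc=local" -D squid@example.local -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=Security\ Groups,ou=MyBusiness,dc=example,dc=local))" -h dc1.example.local

# %g in the filter is filled from the values listed on the acl line.
# A group name without whitespace can be written inline:
#   acl foo external memberof Group1Name Group2Name
# A group name containing spaces is loaded from a file instead
# (hypothetical path; the file holds the AD group name on one line).
acl InternetUsers external memberof "/etc/squid3/internet_users_group.txt"

# Assumed access rules: allow members of the group, deny everything else.
http_access allow InternetUsers
http_access deny all
```

`squid -k parse` checks the edited file for syntax errors before the running proxy is reconfigured.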