On 12/02/2015 1:35 a.m., Rich549 wrote: > *Ok, I've made all of the advised changes and it still didn't work. > > I've just tried pasting my helper command into command prompt and it just > seems to hang. I tried the following:* > The helper takes -b string as the base DN and appends the dynamic -f string to it. You have configured this as the ACL test: # Allow Members of Internet Users To Anywhere Not Explicitly Denied acl InetAllow external internet_domain_group Internet_Users So the "Internet_Users" is the name of the group being checked for using the internet_domain_group helper. %g will always be "Internet_Users" when testing this ACL, %u will change with each user login as its their username value. > ----- > D:\Squid>d:/Squid/lib/squid/ext_ldap_group_acl.exe -d -S -b > "ou=Domain_Groups,dc=domain-uk,dc=com" -f %g=Internet_Users -h > srvham09.domain-uk.com > That queries server srvham09.domain-uk.com for: ou=Domain_Groups,dc=domain-uk,dc=com,Internet_Users=Internet_Users > D:\Squid>d:/Squid/lib/squid/ext_ldap_group_acl.exe -d -S -b > "ou=Domain_Groups,dc=domain-uk,dc=com" -f Internet_Users -h > srvham09.domain-uk.com That queries server srvham09.domain-uk.com for: ou=Domain_Groups,dc=domain-uk,dc=com,Internet_Users > > D:\Squid>d:/Squid/lib/squid/ext_ldap_group_acl.exe -d -b > "ou=Domain_Groups,dc=domain-uk,dc=com" -f %u "Internet_Users" -h > srvham09.domain-uk.com -f only takes one argument so that queries servers Internet_Users and srvham09.domain-uk.com for: ou=Domain_Groups,dc=domain-uk,dc=com,<username> > > D:\Squid>d:/Squid/lib/squid/ext_ldap_group_acl.exe -d -b > ou=Domain_Groups,dc=domain-uk,dc=com -f %u %g=Internet_Users -h > srvham09.domain-uk.com -f only takes one argument so that queries servers %g=Internet_Users and srvham09.domain-uk.com for: ou=Domain_Groups,dc=domain-uk,dc=com,Internet_Users=Internet_Users > > D:\Squid>d:/Squid/lib/squid/ext_ldap_group_acl.exe -v 2 -d -b > ou=Domain_Groups,dc=domain-uk,dc=com -f Internet_Users -h > srvham09.domain-uk.com That queries server srvham09.domain-uk.com using LDAPv2 for: ou=Domain_Groups,dc=domain-uk,dc=com,Internet_Users Do any of the above LDAP syntaxes look right to you? I suspect you want some code like ou=%g in the filter. Only you know what the actual AD directory structure is, and I'm not very clued up on what the LDAP kv-pairs mean sorry. So that is just a guess that I hope will point you in the right direction. > ----- > > *I'm also seeing the following in the cache.log each time I try to access a > webpage as a user who is a member of Internet_Users, is this anything to be > concerned about?* > ---- > 2015/02/11 12:21:47 kid1| helperOpenServers: Starting 1/80 'ntlm_fake_auth' > processes Squid starts helpers incrementally as they are needed nowdays. You can expect 80 of those mostly when you restart Squid. Messages about dying helpers are the sign of problems. > 2015/02/11 12:21:47 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument Thats okay, I think. Squid is attempting to drop security privileges but can't. Some OS seem to do it automatically then complain when its done explicitly. > ---- > > *And now, just to top things off I have errors in the cache.log stating:* > > d:/Squid/lib/squid/ext_ldap_group_acl.exe: (6) No such device or address That is a OS error being hit by the helper. Probably when it tries to contact the LDAP servers "Internet_Users" or "%g=Internet_Users" in your tests above. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
