On 26/02/2015 1:22 a.m., Mark Monaghan wrote:
> Hi All,
>
> I'm wondering if anyone can help me with the following issue I'm having getting various non-domain devices (mainly tablets, but some non-domain windows and apple mac computers) working with the basic_ldap_auth helper. I've had a good search of the mailing list, as well as a huge trawl of the internet, but I cannot get the helper to work within squid, and all information points to the fact that I've got the command set up as it should be.
>
> Testing on the command line works perfectly, with the helper returning the correct information. As soon as I attempt to do the same through squid, it fails, returning technically nothing.
>
> I've even attempted different versions, from 3.2 right through to the latest 3.5, just in case there was a bug with one of the builds on the helper. All have the same result.
>
> In production, I've got the proxy working with domain devices via kerberos authentication perfectly, but the basic ldap authentication fails. So I've got a development system where the config has been stripped right back to check the LDAP authentication, and the results are the same, so I know that I'm not having problems with any other authentication method failover.
>
> If I put the following line on the cli, then a domain username and password, everything returns normally:
>
> /usr/lib64/squid/basic_ldap_auth -d -v 3 -R -b "dc=domain,dc=com" -D "CN=KerbAuth,OU=ServiceAccounts,DC=domain,DC=com" -W /etc/squid/kerbauth -f sAMAccountName=%s -u uid -h windows2012r2.domain.com
>
> Output:
>
> ctest ctest3
> basic_ldap_auth.cc(684): pid=20130 :user filter 'sAMAccountName=ctest', searchbase 'dc=domain,dc=com'
> basic_ldap_auth.cc(739): pid=20130 :attempting to authenticate user 'CN=Test User,OU=Dept1,OU=Dept2,OU=Dept3,OU=Dept4,OU=Company,DC=domain,DC=com'
> OK
>
> However, when used within the squid.conf file, when a user attempts to authenticate, the output in the cache.log is this:
>
> basic_ldap_auth.cc(684): pid=20006 :user filter 'sAMAccountName=0', searchbase 'dc=domain,dc=com'
> basic_ldap_auth.cc(706): pid=20006 :Ldap search returned nothing
>
> I'm at a complete loss as to what to do next.

That helper does not support concurrency.

Your test works because it is not testing what Squid is sending, but what the helper actually expects. Squid is sending it "0 ctest ctest3" ... "channel-ID username password".

The relevant config line is:

> auth_param basic children 80 startup=20 idle=10 concurrency=2

Should be:

  auth_param basic children 80 startup=20 idle=10 concurrency=0

Amos
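The mismatch described in the reply above, as an added example that is not part of the original thread or of Squid's own code: it models the line Squid writes when concurrency is enabled, how a non-concurrent helper reads it, and a check that flags the combination in a squid.conf. The function names, the helper set and the "rest of the line is the password" parse are assumptions chosen to match the cache.log output quoted in the thread; the sample config is constructed from the lines quoted there.

```python
import re

# Helpers assumed to speak only the non-concurrent protocol. The thread
# confirms this for basic_ldap_auth; extend the set for your deployment.
NON_CONCURRENT_HELPERS = {"basic_ldap_auth"}

def squid_request_line(user, password, concurrency, channel=0):
    """Line written to a basic auth helper: channel-ID is prefixed when concurrency > 0."""
    line = f"{user} {password}"
    return f"{channel} {line}" if concurrency > 0 else line

def legacy_helper_parse(line):
    """Non-concurrent parse (assumed): first token is the username, the rest the password."""
    user, _, password = line.rstrip("\r\n").partition(" ")
    return user, password

def check_basic_auth_concurrency(conf_text):
    """Return warnings when a non-concurrent basic helper is configured with concurrency > 0."""
    program, concurrency = None, 0
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if tokens[:2] != ["auth_param", "basic"] or len(tokens) < 4:
            continue
        if tokens[2] == "program":
            program = tokens[3].rsplit("/", 1)[-1]  # helper binary name
        elif tokens[2] == "children":
            m = re.search(r"\bconcurrency=(\d+)", " ".join(tokens[3:]))
            concurrency = int(m.group(1)) if m else 0
    if program in NON_CONCURRENT_HELPERS and concurrency > 0:
        sent = squid_request_line("ctest", "ctest3", concurrency)
        seen_user, _ = legacy_helper_parse(sent)
        return [f"{program}: concurrency={concurrency} makes the helper "
                f"look up user '{seen_user}' instead of 'ctest'"]
    return []

# Constructed sample config, shortened from the lines quoted in the thread.
SAMPLE_CONF = """\
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "dc=domain,dc=com" -f sAMAccountName=%s -h windows2012r2.domain.com
auth_param basic children 80 startup=20 idle=10 concurrency=2
"""

if __name__ == "__main__":
    for warning in check_basic_auth_concurrency(SAMPLE_CONF):
        print(warning)
```
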