
Re: ext_ldap_group_acl not working


 



Try this format:

external_acl_type ldap_search ttl=3600 negative_ttl=3600 %LOGIN /usr/lib/squid/ext_kerberos_ldap_group_acl \
    -R -b "ou=User,dc=YOUR,dc=DNSDOM,dc=TLD" \
    -f "(&(samaccountname=%v)(memberof=cn=%a,ou=Groups,ou=Users,dc=YOUR,dc=DNSDOM,dc=TLD))" \
    -D AD-bind-user@YOURREALM \
    -W /etc/squid/private/ldap-bind \
    -K \
    -h addc2.internald.domain.tld \
    -h addc1.internald.domain.tld

 

 

And for the Kerberos auth:

auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME \
    --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=NTDOMAIN

These should work, they did for me for squid 3.4.8+

Or (tested as of 3.5.10):

auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/prxy1.internal.domain.tld@YOURREALM \
    --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN

 

Greetz,

 

 

 

> -----Original message-----
> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On behalf of alesironi
> Sent: Monday 1 February 2016 15:22
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: ext_ldap_group_acl not working

>
> L.P.H. van Belle wrote
> > Just a question..
> >
> > You are using debian,  i did say..
> >
> > chmod root:proxy ( proxy is the default squid user in debian )
> >
> > i see..
> > chown root:squid /etc/squid3/ldappass.txt
> >
> > try again with
> > chown root:proxy /etc/squid3/ldappass.txt
> >
> > Greetz,
> >
> > Louis
>
> It was probably my typo, anyway I reconfigured as you said again.
> Same result. If I use SUDO (or if I configure to use the password in clear)
> it proceeds, but with the same error: invalid request: No Username
>
> Looks like an error in the syntax I used....
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ext-ldap-group-acl-not-working-tp4675816p4675826.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
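
Added example, not part of the original message and not the helper's own source: a Python model of how the -f filter from the configuration above is filled in for one request line, narrowed to a single group per line. It assumes %v is the login name and %a the group name, that squid passes both URL-encoded, and that -K drops the @REALM suffix; build_filter and ldap_escape are hypothetical names, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Filter template copied from the external_acl_type line in the message.
FILTER = ("(&(samaccountname=%v)"
          "(memberof=cn=%a,ou=Groups,ou=Users,dc=YOUR,dc=DNSDOM,dc=TLD))")

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value):
    """Escape a value so it cannot change the structure of the search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(line, template=FILTER, strip_realm=True):
    """Model one request line '<login> <group>' (assumed URL-encoded).

    Returns the expanded filter; raises ValueError for a malformed line.
    """
    fields = line.split()
    if not fields:
        # Message text taken from the error quoted in the thread.
        raise ValueError("invalid request: No Username")
    if len(fields) < 2:
        raise ValueError("invalid request: no group")
    user, group = unquote(fields[0]), unquote(fields[1])
    if strip_realm:  # assumed effect of -K: user@YOURREALM -> user
        user = user.split("@", 1)[0]
    subst = {"%v": ldap_escape(user), "%a": ldap_escape(group)}
    # Single pass, so text substituted for %v is never rescanned for %a.
    return re.sub(r"%[va]", lambda m: subst[m.group(0)], template)


# Constructed sample request lines (not taken from the thread).
SAMPLES = ["alice@YOURREALM Internet-Users", "al%2Ace%29 Staff", ""]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(repr(sample), "->", build_filter(sample))
        except ValueError as err:
            print(repr(sample), "-> ERR:", err)
```

Without -K the first sample would search for samaccountname=alice@YOURREALM, and an empty line reproduces the "No Username" case.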
