Hi guys,
I have an active directory running on windows server 2008 r2 and squid (version 3.5.20 - CentOS 7) authenticating via LDAP (without kerberos).
The ldap authentication is working, the trouble is to create ACLs based on active directory groups.
OBS: When I run both basic_ldap_auth and ext_ldap_group_acl commands manually as squid user in console to test, I receive 'OK' as answer.
--->>> My squid.conf:
auth_param basic program /usr/lib64/squid/basic_ldap_auth -P -R -b ou=Users,ou=city,ou=country,dc=company,dc=local -D CN=bindUser,DC=company,DC=local -W PasswdFile -f sAMAccountName=%s -h 192.168.1.9
auth_param basic children 10
auth_param basic realm XXXXX
auth_param basic credentialsttl 10 minutes
external_acl_type memberof %LOGIN /usr/lib64/squid/ext_ldap_group_acl -P -R -b OU=city,OU=country,DC=company,DC=local -D CN=bindUser,DC=company,DC=local -W PasswdFile -h 192.168.1.9 -f '(&(objectClass=person)(sAMAccountName=%v)(memberOf=CN=%a,OU=Groups,OU=city,OU=country,dc=company,dc=local))'
#Also tried memberOf=CN=%g
acl fullaccess external memberof squid_fullaccess
acl LdapUsers proxy_auth REQUIRED
http_access allow fullaccess LdapUsers
###
When I try to authenticate on proxy it still prompting for user/password and any ldap query was done in domain controller looking to check if user is member of squid_fullaccess group.
Can you give me some help please ?
Many thanks!
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
