[squid-users] "Unknown error" when using group_ldap_auth

From: <nicob@dont-contact.us>
Date: Fri, 24 May 2002 18:49:12 +0200

Hi,

I'm currently using the group_ldap_auth patch to Squid (Version
2.4.STABLE6-ldap_auth-1.2), with a Windows 2000 box as the LDAP
server.

The Squid users are members of the Win2K domain, and I want to
authenticate users against groups (one for HTTP, another one for FTP
and another one for HTTPS).

Command-line tests are OK, but the Squid authentication sometimes
fails with "unknown error". I have searched the FAQ, Squid docs, and
Usenet, and I haven't been able to find why it fails.
I've mailed the author but I haven't gotten any response so far.

Here is some information on my configuration:

===[cache.log, debug mode]=====================
2002/05/23 09:28:57| aclDecodeProxyAuth: header = 'Basic UjAwODQ3OlIwMDg0Nw=='
2002/05/23 09:28:57| aclDecodeProxyAuth: cleartext = 'R00847:R00847'
2002/05/23 09:28:57| aclMatchLdapAuth: checking user 'R00847'
2002/05/23 09:28:57| aclMatchLdapUserInAcl: checking user 'R00847'
2002/05/23 09:28:57| aclMatchLdapUserInAcl: looking at 'static'
2002/05/23 09:28:57| aclMatchLdapUserInAcl: group found in acl, user 'R00847' matches
2002/05/23 09:28:57| aclMatchLdapAuth: user 'R00847' not yet known
2002/05/23 09:28:57| aclMatchAclList: returning 0
2002/05/23 09:28:57| aclCheck: checking password via ldap authenticator
2002/05/23 09:28:57| aclDecodeProxyAuth: header = 'Basic UjAwODQ3OlIwMDg0Nw=='
2002/05/23 09:28:57| aclDecodeProxyAuth: cleartext = 'R00847:R00847'
2002/05/23 09:28:57| aclLookupLdapAuthStart: going to ask ldap authenticator about user 'R00847'
2002/05/23 09:28:57| aclLookupLdapAuthDone: result = f
2002/05/23 09:28:57| aclCheck: checking 'http_access allow ldap_proto_HTTP ldap_users_HTTP'
2002/05/23 09:28:57| aclMatchAclList: checking ldap_proto_HTTP
2002/05/23 09:28:57| aclMatchAclList: checking ldap_users_HTTP
2002/05/23 09:28:57| aclDecodeProxyAuth: header = 'Basic UjAwODQ3OlIwMDg0Nw=='
2002/05/23 09:28:57| aclDecodeProxyAuth: cleartext = 'R00847:R00847'
2002/05/23 09:28:57| aclMatchLdapAuth: checking user 'R00847'
2002/05/23 09:28:57| aclMatchLdapUserInAcl: checking user 'R00847'
2002/05/23 09:28:57| aclMatchLdapUserInAcl: looking at 'static'
2002/05/23 09:28:57| aclMatchLdapUserInAcl: group found in acl, user 'R00847' matches
2002/05/23 09:28:57| aclMatchLdapAuth: authentication failed for user 'R00847', reason: unknown error
2002/05/23 09:28:57| aclMatchAclList: returning 0
2002/05/23 09:28:57| aclCheck: checking 'http_access allow ldap_proto_FTP ldap_users_FTP'
2002/05/23 09:28:57| aclMatchAclList: checking ldap_proto_FTP
2002/05/23 09:28:57| aclMatchAclList: returning 0
2002/05/23 09:28:57| aclCheck: checking 'http_access allow ldap_port_HTTPS ldap_users_HTTPS CONNECT'
2002/05/23 09:28:57| aclMatchAclList: checking ldap_port_HTTPS
2002/05/23 09:28:57| aclMatchAclList: returning 0
2002/05/23 09:28:57| aclCheck: checking 'http_access deny all'
2002/05/23 09:28:57| aclMatchAclList: checking all
2002/05/23 09:28:57| aclMatchIp: '10.169.181.41' found
2002/05/23 09:28:57| aclMatchAclList: returning 1
2002/05/23 09:28:57| aclCheck: match found, returning 0
2002/05/23 09:28:57| aclCheckCallback: answer=0
2002/05/23 09:29:29| aclCheckFast: list: 0x8215b20
2002/05/23 09:29:29| aclMatchAclList: checking all
===[/cache.log, debug mode]====================

===[Non-default squid options]====================
ldap_auth_program /usr/local/squid/libexec/squid/group_ldap_auth -h 10.169.178.89 -b dc=proxy -u sAMAccountName -o group -m member

ldap_auth_children 5
ldap_auth_cache_size 300
ldap_auth_cache_ttl 3600

acl all src 0.0.0.0/0.0.0.0
acl ldap_users_HTTP ldap_auth static 'Utilisateurs_HTTP'
acl ldap_users_FTP ldap_auth static 'Utilisateurs_FTP'
acl ldap_users_HTTPS ldap_auth static 'Utilisateurs_HTTPS'
acl ldap_proto_HTTP proto HTTP
acl ldap_proto_FTP proto FTP
acl ldap_port_HTTPS port 443

acl CONNECT method CONNECT

http_access allow ldap_proto_HTTP ldap_users_HTTP
http_access allow ldap_proto_FTP ldap_users_FTP
http_access allow ldap_port_HTTPS ldap_users_HTTPS CONNECT
http_access deny all

debug_options ALL,1 28,9
===[/Non-default squid options]===================
 

Thanks in advance,

Nicob
Received on Fri May 24 2002 - 10:49:05 MDT
