Re: [squid-users] ldap auth & Novell problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 11 Sep 2002 13:33:40 +0200

I have two guesses

a) The users do not enter the correct credentials. May be caused by caps lock
or other stupid errors.

b) The password contains characters which get misunderstood on the way.

To verify which of the two is the cause you need to ask the users who have
problems what their password is. Then try both by using a browser and by
using squid_ldap_auth manually.

Not recommended alternative: To verify 'a' in an automatic manner if you are
allowed to see the credentials entered by the user then you could temporarily
enable log_mime_hdrs in squid.conf. This would cause the entered credentials
to be logged in access.log base64 encoded. You can then use this to verify if
the user really did enter the correct credentials, or if there is a specific
pattern where it fails. But you should probably NOT do this if your users
believe their passwords are private...

Regards
Henrik

Matthew Kaminski wrote:

> Several months ago I installed squid proxy server for the public school I
> work for. A week ago I was asked to provide the facilities to track users on
> the internet. I installed the squid_ldap_auth module which is
> authenticating users to the NDS (Novell directory services) LDAP server. It
> doesn't work as great as it promised. Problem is that it works for most
> users, but not for all. After 24 hours of operation I received about 10
> complaints from the users that it doesn't work. Basically users enter the
> credentials, and after a couple of seconds it again pops up the login/pass
> dialog box, and after several tries it finally comes up with "access denied,
> you must be authenticated, etc, etc" message. Some users say that it
> sometimes works and sometimes not. I created a temporary account, which works,
> but several ppl here are using it right now (hence I can't really track
> them). I need the authentication to be fool-proof. Please note, that when I
> run the squid_ldap_auth module from the linux command line, it works for
> everyone, so it is definitely not the novell/ldap problem. I strongly suspect
> it is internal squid problem. If I'm unable to provide 100% reliable method
> then I'll need to say goodbye to squid and install Border Manager, or other
> proxy/tracking software. But I would like to stick to squid... I like linux
> so much. Any comments appreciated. Thanks in advance.
>
> regards,
>
> Matthew Kaminski
> Network Administrator
>
> Howick College
> Sandspit Road
> PO Box 38142
> Howick
> Auckland
>
> Phone: 0-9-534 4492 x850
> Fax: 0-9-534 6574
> Cell: 021 159 6191
> Email: matthew.kaminski@howick.school.nz
Received on Wed Sep 11 2002 - 05:33:54 MDT
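
Added example, not part of the original message and not Squid or squid_ldap_auth code: a Python sketch of guess (b), showing how the same password typed into clients that use different character sets produces different Basic credential bytes, plus a check that classifies a credential without revealing the password. The user name, passwords and flag names are constructed for illustration, and pulling the header value out of access.log is left out because the page does not show that log format.

```python
import base64
import binascii


def basic_header(user, password, charset):
    """Build a Basic credential the way a client using `charset` would."""
    pair = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(pair).decode("ascii")


def diagnose(header_value):
    """Return (username, flags) for a Basic Proxy-Authorization value.

    Only properties of the password are reported, never the password.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64 token") from exc
    user, sep, password = raw.partition(b":")  # split at the first ':' only
    if not sep:
        raise ValueError("missing ':' between user and password")
    flags = set()
    if any(byte > 0x7F for byte in password):
        flags.add("non-ascii")
        try:
            password.decode("utf-8")
        except UnicodeDecodeError:
            flags.add("not-utf8")  # e.g. Latin-1 bytes from the client
    if password != password.strip():
        flags.add("edge-whitespace")
    if password.isupper():
        flags.add("all-uppercase")  # possible caps lock, guess (a)
    return user.decode("utf-8", "replace"), flags


# Constructed samples: one hypothetical user, same password in two charsets.
SAMPLES = {
    "latin1": basic_header("jsmith", "Z\u00fcrich9", "latin-1"),
    "utf8": basic_header("jsmith", "Z\u00fcrich9", "utf-8"),
    "capslock": basic_header("jsmith", "SECRET42", "ascii"),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, diagnose(header))
```

A credential flagged `not-utf8` reaches the helper as different bytes than the same password typed in a UTF-8 terminal, which is one way a command-line test can succeed while the browser fails.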
