[squid-users] External ACL Authentication Problem

From: Nathan Le Nevez <nathan.lenevez@dont-contact.us>
Date: Fri, 1 Nov 2002 09:44:44 +1100

Hey Guys,

I am having an interesting experience trying to set up a nice way of
doing authentication at my work. We have installed an RFC identd daemon
on all our machines, including Windows machines. What I am trying to do
is have two methods of authentication. Centrally we have an LDAP
database which I need to authenticate against. For the moment, I have
LDAP authentication working via proxy_auth. What I would like to do is,
in the first instance, have squid check the user's IDENT and check that
against a valid username in my LDAP table (I have written an
external_acl program to do this), and in the second instance (if #1
fails) bring up the username/password box as normal.

What I am finding is, squid performs the IDENT lookup, but still shows
the proxy_auth box. If I close the proxy_auth box and continuously hit
Refresh, the page will eventually display, with the proxy_auth box
displaying a number of times before it actually works.

Here are the basics in my squid.conf:

auth_param basic program /usr/local/squid/bin/ldap_acis
auth_param basic children 15
auth_param basic realm The AusAID Proxy Server

external_acl_type ausaid ttl=3600 negative_ttl=0 %IDENT %METHOD /usr/local/squid/bin/ident_acis
acl all src 0.0.0.0/0.0.0.0
ident_lookup_access allow all

acl manager proto cache_object
acl ident ident
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl CONNECT method CONNECT
acl acisesd src 202.6.37.153/255.255.255.255
acl spack external ausaid

http_access allow spack
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl password proxy_auth
http_access allow password
icp_access allow all
http_access deny all

Any ideas would be GREATLY appreciated!

Cheers,

Nathan
Received on Thu Oct 31 2002 - 15:45:08 MST
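
An added example, not the poster's ident_acis program and not part of the original message: a sketch of a helper for the `external_acl_type ausaid ... %IDENT %METHOD` line in the config above, showing the line-based request/reply exchange and why the ident value should be validated before any directory lookup. It assumes Squid sends one request per line with URL-escaped fields, `-` for an empty ident, and no concurrency channel-ID; `KNOWN_USERS`, `SAFE_IDENT` and `decide` are hypothetical names, and the set stands in for the LDAP query.

```python
#!/usr/bin/env python3
"""Sketch of an external ACL helper that receives "%IDENT %METHOD" lines."""
import re
import sys
from urllib.parse import unquote

# Constructed sample data standing in for the LDAP lookup described in the post.
KNOWN_USERS = {"nlenevez", "jsmith"}

# The ident string is whatever the client machine's identd chose to report,
# so restrict it to a conservative character set before it could ever be
# placed into an LDAP filter or a log line.
SAFE_IDENT = re.compile(r"[A-Za-z0-9._-]{1,64}")


def decide(line, known_users=KNOWN_USERS):
    """Return "OK" or "ERR" for one request line sent by Squid."""
    fields = line.strip().split()
    if len(fields) != 2:
        return "ERR"  # malformed request: fail closed
    # Assumption: fields arrive URL-escaped.
    ident, method = (unquote(f) for f in fields)
    # method is present because the format string includes %METHOD;
    # this sketch does not use it for the decision.
    if ident in ("", "-"):
        return "ERR"  # identd gave no answer for this connection
    if not SAFE_IDENT.fullmatch(ident):
        return "ERR"  # reject filter metacharacters, spaces, control bytes
    return "OK" if ident in known_users else "ERR"


if __name__ == "__main__":
    # Squid writes one request per line and waits for exactly one reply line,
    # so flush after every answer.
    for request in sys.stdin:
        print(decide(request), flush=True)
```

With `negative_ttl=0` as in the config above, an ERR reply is not cached, so the helper is asked again on the next request from the same ident.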
