[squid-users] --> LDAP Group and NTLM together from Alex Carlos Braga Antão on 2003-01-10 (squid-users)

From: Alex Carlos Braga Antão <alex@dont-contact.us>
Date: Fri, 10 Jan 2003 10:46:27 -0300 (Hora oficial do Brasil)

Hello all,
    I got a problem here, and need some help.

-> Background:
      I have a group called Internet on my AD. All users on this group is
PERMITTED to use internet, through my squid 2.5 proxy. Those that use IE,
the authentication must be NTLM, and if somebody uses another browser that
not support NTLM, it must authenticate by LDAP (basic auth).
-> What I did:
     First I configured squid to authenticate by NTLM and since NTLM does
NOT support groups yet, I made some scripts that automatically generates an
file with all users on my AD group to NTLM authenticate. It is working with
no problems.
    Second I configures squid_ldap_auth to authenticate by my AD with the
same file that NTLM uses. It also worked with no problems.

But now, since I have to dupicate usernames on the file because LDAP does
not accept names like DOMAIN/Username and also groups, i decided to
configure SQUID_LDAP_GROUP instead of SQUID_LDAP_AUTH

-> THE PROBLEMS:
    Then I created a file that contais only one line with the name of my
group: Internet
    I compiled squid_ldap_group and configured my squid. On the conf file, I
cut my auth_proram of squid_ldap_AUTH and put:
   external_acl_type ldap_group %LOGIN /...../squid_ldap_group .....
   acl internet_ldap ldap_group "/path/to/file_group_Internet"

   1) First problem
         when I do a squid -k reconfigure, i got the error messages:
aclParseAclLine: Invalid ACL Type ldap_group
   2) How do I configure http_access to make things work like I want ? I
put:
         http_access allow all internet_ntml internet_ldap

         also tried :
         http_access allow all internet_ntml
         http_access allow all internet_ldap

        But when I open NETSCAPE, I get a message saying that the
authentication method asked is not supported. I suppose that squid is asking
for NTLM only...

Thanks for any help !!!
       Alex C. B. Antão
Analista de Sistemas e Suporte
ICQ: 5144629http://motoviagens.pagina.de
http://e-modelismo.pagina.de

"Nada como um dia apos o outro... de moto!"
Received on Fri Jan 10 2003 - 05:47:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:36 MST