AW: AW: [squid-users] authentication problem with squid_ldap_group

From: Joachim JS. Schuster <jschuster@dont-contact.us>
Date: Thu, 13 Jan 2005 07:40:39 +0100

Hi Yong,
What squid version do you use?

regards

Joachim

-----Original Message-----
From: Yong Bong Fong [mailto:bfyong@shinyang.com.my]
Sent: Thursday, 13 January 2005 01:27
To: Joachim JS. Schuster
Subject: Re: AW: [squid-users] authentication problem with squid_ldap_group

Hi Joachim,

   This is my acl which works. Maybe you can copy exactly mine,
especially the order of the http_access part. And see if it works.

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ldap_group-admin external ldap_group admin

http_access allow manager localhost
http_access allow manager
http_access allow ldap_group-admin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

Regards
Yong

Joachim JS. Schuster wrote:

>Hi,
>Please have a look at the lines below:
>
>
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80
>acl Safe_ports port 21
>acl Safe_ports port 443 563
>acl Safe_ports port 70
>acl Safe_ports port 210
>acl Safe_ports port 1025-65535
>acl Safe_ports port 280
>acl Safe_ports port 488
>acl Safe_ports port 591
>acl Safe_ports port 777
>acl CONNECT method CONNECT
>acl ldapproxygroup external ldapgroup webaccess
>
>http_access allow manager localhost
>http_access deny manager
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access allow ldapproxygroup
>http_access deny all
>
>Regards
>
>Joachim
>
>
>-----Original Message-----
>From: Yong Bong Fong [mailto:bfyong@shinyang.com.my]
>Sent: Wednesday, 12 January 2005 02:29
>To: Joachim JS. Schuster
>Subject: Re: [squid-users] authentication problem with squid_ldap_group
>
>
>Hi Joachim,
>
> Can you post your acl list and http_access?
>Maybe we can spot some mistakes from your acl and http_access.
>
>
>
>Joachim JS. Schuster wrote:
>
>
>
>>Dear squid users,
>>I need help with my authentication problem with squid_ldap_group.
>>
>>First I create an entry for squid_ldap_auth. I can log in and I have web
>>access and it works fine.
>>
>>auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b "dc=mb,dc=local" -D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -f "(&(sAMAccountName=%s)(objectClass=Person))" -h 192.168.3.1
>>
>>acl USERS proxy_auth REQUIRED
>>
>>http_access allow USERS
>>
>>In the next step I create these lines for my LDAP group access.
>>
>>external_acl_type ldapgroup concurrency=15 %LOGIN /usr/sbin/squid_ldap_group -P -R -b "ou=intern,dc=mb,dc=local" -f "(&(cn=%g)(member=%u))" -F "(&(sAMAccountName=%s)(objectClass=Person))" -D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1
>>
>>acl ldapproxygroup external ldapgroup webaccess
>>
>>http_access allow ldapproxygroup
>>
>>I can log in but I have no web access. I see the 407 error access denied
>>in squid conf.
>>
>>When I execute
>>
>>heins:~ # /usr/sbin/squid_ldap_group -P -R -b
>>"ou=intern,dc=mb,dc=local" -f "(&(cn=%g)(member=%u))" -F
>>"(&(sAMAccountName=%s)(objectClass=Person))" -D
>>"cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1 cwm
>>webaccess OK
>>
>>I get OK but the user cwm can't use the proxy.
>>
>>Thank you for all the help.
>>
>>Best Regards
>>
>>Joachim
Received on Wed Jan 12 2005 - 23:40:40 MST
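
The thread turns on the order of the http_access lines, so here is an added example (not part of any message above, and not Squid's own code) that applies Squid's first-match rule to both lists exactly as posted and reports which line decides. It assumes a request can be modelled as the set of ACL names it matches; the sample requests are constructed, and the 407 challenge and the LDAP helper are not modelled.

```python
# Added example: first-match evaluation of the two http_access lists in this thread.
# A request is modelled as the set of ACL names it matches; "all" always matches.

YONG = """
http_access allow manager localhost
http_access allow manager
http_access allow ldap_group-admin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
"""

JOACHIM = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ldapproxygroup
http_access deny all
"""

def parse(text):
    """Return [(action, [acl, ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return rules

def decide(text, matched):
    """Return (action, deciding line); every ACL on a line must match (AND)."""
    matched = set(matched) | {"all"}
    for action, acls in parse(text):
        if all((a[1:] not in matched) if a.startswith("!") else (a in matched)
               for a in acls):
            return action, " ".join(["http_access", action] + acls)
    raise ValueError("no rule matched")  # not reached: both lists end in 'deny all'

if __name__ == "__main__":
    # Constructed requests: member on a Safe port, member on an unlisted port,
    # and a cache manager query that does not come from localhost.
    for name, text, group in (("Yong", YONG, "ldap_group-admin"),
                              ("Joachim", JOACHIM, "ldapproxygroup")):
        for request in ({group, "Safe_ports"}, {group}, {"manager"}):
            print(name, sorted(request), decide(text, request))
```

In this model Joachim's list does reach `http_access allow ldapproxygroup` for a group member on a Safe port, while in Yong's list the group and manager allow lines are matched before the port and CONNECT deny lines are ever consulted.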
