AW: AW: AW: [squid-users] authentication problem with squid_ldap_group

From: Joachim JS. Schuster <jschuster@dont-contact.us>
Date: Thu, 13 Jan 2005 11:54:20 +0100

Hi Yong,
I mean I found the error. I installed Squid version 2.5.STABLE6 and it just works. Squid version 2.5.STABLE7 doesn't work. The squid_ldap_group file from stable 2.7 is bigger. Here is a difference.
Or is this a compiling problem? I compile with ./configure --prefix=/usr/local/squid . Is this correct?

Regards
Joachim

-----Original Message-----
From: Yong Bong Fong [mailto:bfyong@shinyang.com.my]
Sent: Thursday, 13 January 2005 08:00
To: Joachim JS. Schuster
Subject: Re: AW: AW: [squid-users] authentication problem with squid_ldap_group

Hi Joachim,

I am using squid-2.5.STABLE5-2, which comes with FC2.
Actually for your case, is it that when you do it from the command prompt, it's OK
but from the browser it cannot pass through?

I had a case before when I got OK from terminal but on browser it cannot
go through. It just kept reprompting for username and password from the
browser. Then I changed the %u -> %v and %g -> %a and worked.

regards
Yong

Joachim JS. Schuster wrote:

>Hi Yong,
>What squid version do you use ?
>
>regards
>
>Joachim
>
>
>-----Original Message-----
>From: Yong Bong Fong [mailto:bfyong@shinyang.com.my]
>Sent: Thursday, 13 January 2005 01:27
>To: Joachim JS. Schuster
>Subject: Re: AW: [squid-users] authentication problem with squid_ldap_group
>
>
>Hi Joachim,
>
> This is my acl which works. Maybe you can copy exactly mine,
>especially the order of the http_access part. And see if it works.
>
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80 # http
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 70 # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535 # unregistered ports
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>acl CONNECT method CONNECT
>acl ldap_group-admin external ldap_group admin
>
>
>
>http_access allow manager localhost
>http_access allow manager
>http_access allow ldap_group-admin
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access allow localhost
>http_access deny all
>
>Regards
>Yong
>
>
>Joachim JS. Schuster wrote:
>
>
>
>>Hi,
>>Please have a look on the lines below:
>>
>>
>>acl all src 0.0.0.0/0.0.0.0
>>acl manager proto cache_object
>>acl localhost src 127.0.0.1/255.255.255.255
>>acl to_localhost dst 127.0.0.0/8
>>acl SSL_ports port 443 563
>>acl Safe_ports port 80
>>acl Safe_ports port 21
>>acl Safe_ports port 443 563
>>acl Safe_ports port 70
>>acl Safe_ports port 210
>>acl Safe_ports port 1025-65535
>>acl Safe_ports port 280
>>acl Safe_ports port 488
>>acl Safe_ports port 591
>>acl Safe_ports port 777
>>acl CONNECT method CONNECT
>>acl ldapproxygroup external ldapgroup webaccess
>>
>>http_access allow manager localhost
>>http_access deny manager
>>http_access deny !Safe_ports
>>http_access deny CONNECT !SSL_ports
>>http_access allow ldapproxygroup
>>http_access deny all
>>
>>Regards
>>
>>Joachim
>>
>>
>>-----Original Message-----
>>From: Yong Bong Fong [mailto:bfyong@shinyang.com.my]
>>Sent: Wednesday, 12 January 2005 02:29
>>To: Joachim JS. Schuster
>>Subject: Re: [squid-users] authentication problem with
>>squid_ldap_group
>>
>>
>>Hi Joachim,
>>
>> Can you post your acl list and http_access?
>>Maybe we can spot some mistakes from your acl and http_access.
>>
>>
>>
>>Joachim JS. Schuster wrote:
>>
>>
>>
>>
>>
>>>Dear squid users,
>>>I need help with my authentication problem with squid_ldap_group.
>>>
>>>First I create an entry for squid_ldap_auth. I can log in and I have
>>>web access and it works fine.
>>>
>>>auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b
>>>"dc=mb,dc=local" -D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998
>>>-f "(&(sAMAccountName=%s)(objectClass=Person))" -h 192.168.3.1
>>>acl USERS proxy_auth REQUIRED
>>>
>>>http_access allow USERS
>>>
>>>In the next step I create these lines for my LDAP group access.
>>>
>>>external_acl_type ldapgroup concurrency=15 %LOGIN
>>>/usr/sbin/squid_ldap_group -P -R -b "ou=intern,dc=mb,dc=local" -f
>>>"(&(cn=%g)(member=%u))" -F
>>>"(&(sAMAccountName=%s)(objectClass=Person))"
>>>-D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1
>>>
>>>acl ldapproxygroup external ldapgroup webaccess
>>>
>>>http_access allow ldapproxygroup
>>>
>>>I can log in but I have no web access. I see the 407 error access
>>>denied in squid conf.
>>>
>>>When I execute
>>>
>>>heins:~ # /usr/sbin/squid_ldap_group -P -R -b
>>>"ou=intern,dc=mb,dc=local" -f "(&(cn=%g)(member=%u))" -F
>>>"(&(sAMAccountName=%s)(objectClass=Person))" -D
>>>"cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1
>>>cwm webaccess
>>>OK
>>>
>>>I get OK but the user cwm can't use the proxy.
>>>
>>>Thank you for all the help.
>>>
>>>Best Regards
>>>
>>>Joachim
Received on Thu Jan 13 2005 - 03:54:08 MST
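
Added example (not part of the original messages, and not Squid code): Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, which is why the order of the http_access part matters. This simplified Python model replays both rule lists from the thread against constructed requests; the request fields and the group-membership stub standing in for squid_ldap_group are assumptions.

```python
# Added illustration: a simplified model of http_access evaluation, not Squid code.
SAFE = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}

def make_acls(group_acl, group):
    """Map ACL names from the thread to predicates over a request dict."""
    return {
        "all": lambda r: True,
        "manager": lambda r: r["proto"] == "cache_object",
        "localhost": lambda r: r["src"] == "127.0.0.1",
        "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
        "SSL_ports": lambda r: r["port"] in (443, 563),
        "CONNECT": lambda r: r["method"] == "CONNECT",
        # Stub for the external squid_ldap_group lookup (assumption).
        group_acl: lambda r: group in r["groups"],
    }

def http_access(rules, acls, req):
    """Return the action of the first line whose ACLs all match."""
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        # A leading "!" negates the ACL; every ACL on the line must match.
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both lists end with "deny all"

JOACHIM = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ldapproxygroup
http_access deny all
"""
YONG = """
http_access allow manager localhost
http_access allow manager
http_access allow ldap_group-admin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
"""
J_ACLS = make_acls("ldapproxygroup", "webaccess")
Y_ACLS = make_acls("ldap_group-admin", "admin")

# Constructed requests (not from the thread); the user is in both groups.
MEMBER = {"src": "192.0.2.10", "groups": {"webaccess", "admin"}}
MEMBER_GET = dict(MEMBER, proto="http", port=80, method="GET")
MEMBER_CONNECT = dict(MEMBER, proto="none", port=8080, method="CONNECT")
REMOTE_MGR = dict(MEMBER, proto="cache_object", port=3128, method="GET", groups=set())
```

Both lists allow `MEMBER_GET`. They differ on the other two requests: in the second list `allow manager` carries no source restriction, and the group allow comes before the Safe_ports and CONNECT denies.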

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST