[squid-users] Squid problem when authenticate with AD

From: Phan...... tom <phan2525@dont-contact.us>
Date: Tue, 20 Feb 2007 01:47:09 +0000

Dear squid users,

     I have a problem with Squid when it authenticates with Active
Directory. I now use Squid 2.5 STABLE9 and I plan to upgrade to 2.6
STABLE9 in the near future. I'm now testing Squid 2.6 to authenticate with
Active Directory. It looks like a great option for an admin to see who
accesses the internet, but after testing I am stuck with a problem. My company
has 2 domains in the office. When I use Squid to authenticate 1 domain, it looks
good and there is no problem. But when I add 2 domains in squid.conf and use Squid to
authenticate 2 domains at the same time, it only looks at the latest
domain that I put into squid.conf. So my question is "Can Squid authenticate
2 domains at the same time? If yes, how? Is it different from authenticating 1
domain?". Here are some squid.conf settings:

#My first AD ip is 172.16.1.1/16 (testzone.local)
#My second AD ip is 172.31.1.1/16 (testdom.local)

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "dc=testzone,dc=local" -D "cn=administrator,cn=Users,dc=Testzone,dc=local" -w "password" -f sAMAccountName=%s -h 172.16.1.1

external_acl_type InternetGrp_test %LOGIN /usr/local/squid/libexec/squid_ldap_group -R -b "dc=testzone,dc=local" -D "cn=administrator,cn=Users,dc=Testzone,dc=local" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=Testzone,dc=local))" -h 172.16.1.1

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "dc=testdom,dc=local" -D "cn=administrator,cn=Users,dc=Testzone,dc=local" -w "password" -f sAMAccountName=%s -h 172.31.1.1

external_acl_type InternetGrp_test2 %LOGIN /usr/local/squid/libexec/squid_ldap_group -R -b "dc=testdom,dc=local" -D "cn=administrator,cn=Users,dc=Testzone,dc=local" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=Testzone,dc=local))" -h 172.31.1.1

acl Internet_TEST external InternetGrp_test InternetGroup
acl Internet_TEST2 external InternetGrp_test2 InternetGroup
#InternetGroup is a group on each AD where I put the people who can access the internet

http_access allow Internet_TEST
http_access allow Internet_TEST2

Received on Mon Feb 19 2007 - 18:47:20 MST
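
Added example (not part of the original post and not Squid project code): Squid keeps one `program` per authentication scheme, which matches the behaviour reported above, so one way to cover both domains is a single basic-auth helper that forwards each "user password" line to one backend per domain. `Backend`, `authenticate` and `BACKEND_CMDS` are hypothetical names; the backend arguments are copied from the post's two `auth_param` lines.

```python
import subprocess
import sys

HELPER = "/usr/local/squid/libexec/squid_ldap_auth"
# Bind arguments exactly as posted; adjust per domain as needed (assumption).
BIND = ["-D", "cn=administrator,cn=Users,dc=Testzone,dc=local", "-w", "password"]
BACKEND_CMDS = [
    [HELPER, "-R", "-b", "dc=testzone,dc=local", *BIND,
     "-f", "sAMAccountName=%s", "-h", "172.16.1.1"],
    [HELPER, "-R", "-b", "dc=testdom,dc=local", *BIND,
     "-f", "sAMAccountName=%s", "-h", "172.31.1.1"],
]


class Backend:
    """A long-running helper speaking Squid's basic-auth line protocol."""

    def __init__(self, cmd):
        self.proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, text=True, bufsize=1)

    def check(self, line):
        self.proc.stdin.write(line + "\n")
        self.proc.stdin.flush()
        return self.proc.stdout.readline().startswith("OK")


def authenticate(line, checks):
    """Return 'OK' if any backend accepts the 'user password' line, else 'ERR'."""
    fields = line.split(" ")
    # Squid sends two URL-escaped fields. An empty password is refused here so
    # it can never reach LDAP as an unauthenticated (anonymous) bind.
    if len(fields) != 2 or not all(fields):
        return "ERR"
    for check in checks:
        try:
            if check(line):
                return "OK"
        except OSError:
            continue  # a dead backend fails closed; try the next domain
    return "ERR"


def main():
    backends = [Backend(cmd).check for cmd in BACKEND_CMDS]
    for raw in sys.stdin:
        print(authenticate(raw.rstrip("\r\n"), backends), flush=True)


if __name__ == "__main__":
    main()
```

Configured as the only `auth_param basic program`, this accepts a login if either directory does. A wrong password is tried against both domains, so failed-logon counters can rise in each.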

This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST