[squid-users] squid+ldap

From: pauloric <pauloric@dont-contact.us>
Date: Fri, 15 Jun 2007 09:56:23 -0300

Hi Guys

Scenario:
Gnu Linux Debian 3.1 + squid 2.5.9-10sarge2

Using ncsa_auth works like a charm, but now I intend to move everything
to LDAP and I can't authenticate against it.

See below, from the squid machine:

a) squid:~# /usr/lib/squid/ldap_auth -b "dc=xxx,dc=com,dc=br" -f "uid=%s" -h 130.0.150.2
pauloric pauloric
OK

Cool, it's working.

b) squid # ldapsearch -x -v -LLL -h 130.0.150.2 uid=pauloric
ldap_initialize( ldap://130.0.150.2 )
filter: uid=pauloric
requesting: ALL
dn: uid=pauloric,ou=Users,dc=xxx,dc=com,dc=br
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
sambaHomePath: \\hercules\pauloric
sambaProfilePath: \\hercules\profiles\pauloric
sambaLogonScript: login.bat
sambaDomainName: ldap
sambaHomeDrive: H:
sambaKickoffTime: 1893463200
sambaPrimaryGroupSID: S-1-5-21-3669424169-3094637634-1452395766-513
sambaAcctFlags: [U ]
displayName: pauloric
sambaPwdLastSet: 1179842737
sambaSID: S-1-5-21-3669424169-3094637634-1452395766-3002
shadowExpire: 21915
homeDirectory: /home/pauloric
loginShell: /bin/bash
gidNumber: 513
uid: pauloric
cn: pauloric
uidNumber: 1001
sn: pauloric
shadowLastChange: 13677

OK, I can locate myself in LDAP.

c) from squid.conf:
auth_param basic program /usr/lib/squid/ldap_auth -b "dc=xxx,dc=com,dc=br" -f "uid=%s" -h 130.0.150.2
auth_param basic children 10
auth_param basic realm Squid proxy-caching squid.xxx.com.br
auth_param basic credentialsttl 2 hours

auth_param basic program /usr/lib/squid/ncsa_auth /etc/admwebuser/squidusers.passwd
auth_param basic children 10
auth_param basic realm Squid proxy-caching squid.xxx.com.br
auth_param basic credentialsttl 2 hours

d) from the LDAP machine, trying to authenticate myself via lynx:

Usuário de 'Squid proxy-caching squid.xxx.com.br' em proxy
'130.0.100.202:3128': pauloric
Senha: ********
Falha na autorização. Repetir? (s/n)

squid# tail -f /var/log/squid/access.log| grep 130.0.150.2
1181911584.377 8 130.0.150.2 TCP_DENIED/407 1832 GET http://www.terra.com.br/ - NONE/- text/html
1181911865.372 22 130.0.150.2 TCP_DENIED/407 1832 GET http://www.terra.com.br/ pauloric NONE/- text/html

PS tried 3 times and checked my password.

Where am I wrong?

Thanks in advance

-- 
Paulo Ricardo Bruck - consultor
Contato Global Solutions
tels 011 5031-4932 5034-1732 9235-4327(cel)
http://www.contato.com.br

Received on Fri Jun 15 2007 - 06:57:02 MDT
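
A check for the squid.conf excerpt in (c), added here as an example and not part of the original message: Squid keeps a single helper command per authentication scheme, so when `auth_param <scheme> program` appears more than once, the last occurrence is the one Squid runs. The function names and the use of `shlex` to split the helper command line are assumptions of this example, and the sample text is the config from the post with the mail line wrapping undone.

```python
import shlex

# Constructed sample: the two auth_param blocks from the post, with the
# mail client's line wrapping undone.
SAMPLE_CONF = '''\
auth_param basic program /usr/lib/squid/ldap_auth -b "dc=xxx,dc=com,dc=br" -f "uid=%s" -h 130.0.150.2
auth_param basic children 10
auth_param basic realm Squid proxy-caching squid.xxx.com.br
auth_param basic credentialsttl 2 hours

auth_param basic program /usr/lib/squid/ncsa_auth /etc/admwebuser/squidusers.passwd
auth_param basic children 10
auth_param basic realm Squid proxy-caching squid.xxx.com.br
auth_param basic credentialsttl 2 hours
'''

def effective_helpers(conf_text):
    """Map each scheme to its active helper and the helpers it replaced.

    Returns {scheme: {"active": (lineno, argv), "shadowed": [(lineno, argv)]}}.
    shlex only approximates Squid's own tokenizer (assumption of this example).
    """
    result = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        fields = line.split(None, 3)
        if len(fields) < 4 or fields[0] != "auth_param" or fields[2] != "program":
            continue  # only "auth_param <scheme> program <command...>" lines
        scheme = fields[1].lower()
        entry = result.setdefault(scheme, {"active": None, "shadowed": []})
        if entry["active"] is not None:
            # An earlier helper for this scheme is replaced by this line.
            entry["shadowed"].append(entry["active"])
        entry["active"] = (lineno, shlex.split(fields[3]))
    return result

def report(conf_text):
    """Render one line per active helper and one per replaced helper."""
    lines = []
    for scheme, entry in effective_helpers(conf_text).items():
        lineno, argv = entry["active"]
        lines.append(f"{scheme}: active helper {argv[0]} (line {lineno})")
        for s_line, s_argv in entry["shadowed"]:
            lines.append(f"{scheme}: line {s_line} {s_argv[0]} is replaced by line {lineno}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONF)))
```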
