Re: [squid-users] NTLM_Auth & LDAP_Group help needed. from nick w on 2007-07-24 (squid-users)

From: nick w <nickw81@dont-contact.us>
Date: Wed, 25 Jul 2007 08:36:37 +1000

thanks for the reply Angel. I have read on the forums that these two
helpers can be used together!?

On 7/24/07, Angel Mieres <amieres@eneotecnologia.com> wrote:
> Hi nick,
>
> I don't have much experience on squid + Windows plataform but i
> recommend you to take the following way, you must try to separate
> authenticators and group clasificators by topic, i think you must use
> ntlm_auth with wbinfo_group or squid_ldap_auth with squid_ldap_group
> trying not mixing both. I hope this help you.
>
>
> nick w escribió:
> > Hi,
> >
> > I have had a look through the threads and see that there are a few
> > threads on this particular issue but dealing with Unix based squid
> > servers and not Windows platforms. I am having a little trouble
> > getting the squid_ldap_group helper working with NTLM_Auth and running
> > on a W2K3 server. With the config below when you try to browse the net
> > the browser just hangs trying to contact the website, no access denied
> > message appears and I am assuming that the browser has not had a
> > response back from squid. I have checked the cache.log file and I see
> > entries in there saying that the request matched a denied acl rule and
> > access is denied. If you are not in the AD group for denying inet
> > access you get the same browser hang. Not sure what to do from here.
> >
> > auth_param ntlm program c:/proxy/libexec/win32_ntlm_auth.exe
> > auth_param ntlm children 40
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 2 minutes
> > auth_param ntlm use_ntlm_negotiate on
> >
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> > auth_param basic casesensitive off
> >
> > external_acl_type ldap_group %LOGIN
> > C:\Proxy\libexec\squid_ldap_group.exe -b OU=xxx,DC=xxx,DC=xxx -f
> > OU=xxx,DC=xxx,DC=xxx -F OU=xxx,DC=xxx,DC=xxx -h LDAP_server_name -p
> > 389 -S
> >
> >
> >
> > acl inet_deny external ldap_group
> > CN=No-Internet-Access,OU=xxx,DC=xxx,DC=xxx
> >
> >
> >
> > http_access deny inet_deny
> >
> >
> >
> > Any help would be greatly appreciated.
> >
> > __________ Informaci�n de NOD32, revisi�n 2413 (20070723) __________
> >
> > Este mensaje ha sido analizado con NOD32 antivirus system
> > http://www.nod32.com
> >
> >
> >
>
>
Received on Tue Jul 24 2007 - 16:36:43 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:04 MDT