Re: RV: [squid-users] NTLM_Auth & LDAP_Group help needed.

Hi Miguel,

Thanks for the reply. I am using squid on Windows 2003 server not
unix, I think the squid entry for the external helper differs
slightly.

Could you advise.

Many Thanks

Nick

On 8/8/07, ALZUETA VERON, Miguel I. <miguel.alzueta@nuevobersa.com.ar> wrote:
> Here it goes again.
> Security policies block the attach because it had .sh extensión.
> Remember to rename from .txt to .sh and give it +x
>
> Regards
>
>
> -----Mensaje original-----
> De: ALZUETA VERON, Miguel I.
> Enviado el: Miércoles, 08 de Agosto de 2007 09:33
> Para: nick w
> Asunto: RE: [squid-users] NTLM_Auth & LDAP_Group help needed.
>
> Dear Nick:
>
> First of all, sorry if I misspell something, but English is not my primary language.
>
> And about the authenticate method, yes, you can mix both helpers. The way to do that is making your own helper.
> I attached the helper I did.
>
>
> The helper works this way.
> Squid calls our script (helper), then our script calls another helper, and if this helper fails (return ERR), then our script try another helper, and so on... until some of these helpers return OK or finally ERR
>
> I need to notice that the helper I did mix an authentication against a LDAP server (MS Active Directory), and if this method fails, then it try to authenticate against a passwd file using the NCSA helper.
> But you can edit the helper to use any method you want. You only had to edit in your squid.conf the "auth_param basic" or "auth_param METHOD" to point to the helper, and then modify the helper to use the methods that you want.
>
>
> Basically, you only need to do this:
> You have to put the helper somewhere and give it +x permission (chmodx +x /path/to/the/helper.sh).
> Then, in your squid.conf you had to change your auth_param to point to the helper.
> Finally, edit the helper to use the methods you want.
>
> Ok, I think that's all.
> If you have any questions, don't hesitate on asking.
>
> Best regards.
>
>
> P.S: I almost forgot. You need a user to authenticate against the ldap server, and then modify the next string in the helper putting your info in USER, PASS, LDAP_SERVER and obviously dc=yourdomain,dc=com.
>
> /usr/lib/squid/squid_ldap_auth -p -R -b "cn=Users,dc=yourdomain,dc=com" -D "cn=USER,cn=Users,dc=yourdomain,dc=com" -w "PASS" -f "(&(objectClass=person)(sAMAccountName=%s))" -h LDAP_SERVER
>
>
> -----Mensaje original-----
> De: nick w [mailto:nickw81@gmail.com]
> Enviado el: Martes, 07 de Agosto de 2007 19:47
> Para: GIETZ, Pablo; ALZUETA VERON, Miguel I.
> Asunto: Re: [squid-users] NTLM_Auth & LDAP_Group help needed.
>
> Hi Miguel,
>
> Pablo advised that you are the author of a mixed helper that he is
> using for NTLM_Auth & LDAP_Group. Would you mind letting me know how
> to configure this?
>
> many thanks
>
> Nick
>
> On 8/8/07, GIETZ, Pablo <Pablo.Gietz@nuevobersa.com.ar> wrote:
> >
> >
> >
> > we are building rigth now a mix helper.
> > if you want the author of this helper is
> > miguel.alzueta@nuevobersa.com.ar
> >
> > Regards
> >
> > ________________________________
> > De: nick w [mailto:nickw81@gmail.com]
> > Enviado el: mar 07/08/2007 2:06
> > Para: Henrik Nordstrom
> > CC: Angel Mieres; squid-users@squid-cache.org
> > Asunto: Re: [squid-users] NTLM_Auth & LDAP_Group help needed.
> >
> >
> >
> >
> > Hi Henrik,
> >
> > Could you advise why the session hangs then?
> >
> > thanks
> >
> > Nick
> >
> > On 7/29/07, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> > > On ons, 2007-07-25 at 08:36 +1000, nick w wrote:
> > > > thanks for the reply Angel. I have read on the forums that these two
> > > > helpers can be used together!?
> > >
> > > Yes. You can mixfreely.
> > >
> > >
> > >
> >
>
>
Received on Thu Aug 16 2007 - 19:40:56 MDT