AW: AW: [squid-users] Authentication on Active Directory

Isnard, Thank you for your Tip.

I changed the entry in squid.conf and the cache worked, but there are similar entries in the cache.log.

But maybe I´m on the wrong way. Let me explain:

We want to give Internet Access to users that are member of a Windows AD group. Isn´t it easier to use squid_ldap_group ?

Regards, Ralf

-----Ursprüngliche Nachricht-----
Von: Isnard Jaquet [mailto:isnardjunior@gmail.com]
Gesendet: Dienstag, 27. November 2007 14:05
An: squid-users@squid-cache.org
Betreff: Re: AW: [squid-users] Authentication on Active Directory

Ralf,

Squid 2.6 has changed external_acl_type parameter from concurrency to
children, so try changing it to:

external_acl_type www_group ttl=0 children=5 %
LOGIN /usr/lib/squid/squid_unix_group -g www
external_acl_type ebay_group ttl=0 children=5 %
LOGIN /usr/lib/squid/squid_unix_group -g Ebay

Regards,

Isnard

On Tue, 2007-11-27 at 12:31 +0100, Ralf.Lutz@Heidelberg.de wrote:
> @Adrian: Thank you for youre fast answer. Maybe you can help me a bit with the configuration with Kerberos ?
>
> Most steps are working on my system:
>
> - I have a Kerberos ticket
> - wbinfo -g shows the groups in the AD
> - getent -g shows the groups in the AD, too
>
> But there´s a problem with the squid configuration:
>
> I have the following entrie in the squid.conf:
>
> external_acl_type www_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/squid_unix_group -g www
> external_acl_type ebay_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/squid_unix_group -g Ebay
>
> Users in the two groups www and Ebay should go to the internet. This worked on our "old" proxy with squid 2.5 without Kerberos.
>
> If I now start squid and use it as proxy, I get a TCP_DENIED in the access.log and in the cache.log the following entries:
>
> helper: Group does not exist 'Lutz'
> helper: Group does not exist 'X<AB>^D^H<F2><87>^D^H'
> helper: Group does not exist '<88>^Wοy<97>^D^Hu<B8>v'
> helper: Group does not exist '<C9><C3>'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist '<A0>6z'
> helper: Group does not exist '<E8>^Wο<EC>]u'
> helper: Group does not exist '<8D><83><E8><FE><FF><FF><89>E<F0><8D><83><E8><FE><FF><FF>)E<F0><C1>}<F0>^B<8B>U
> <B6>'
> helper: Group does not exist '<81><C3>^?<D7>^P'
> helper: Group does not exist '_^\ο<8A>^\ο<9A>^\ο<A5>^\ο<B3>^\ο<D3>^\ο<E6>^\ο<F0>^\ο<B3>^^ο<D6>^^ο<F0>^^ο<FF>
> ^^ο^T^_ο%^_ο;^_οC^_οP^_ο<81>^_ο<A3>^_ο<B8>^_ο<CA>^_ο'
> helper: Group does not exist '^C'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist ''
> helper: Group does not exist 'Lutz'
> helper: Group does not exist 'X<AB>^D^H<F2><87>^D^H'
> helper: Group does not exist 'x6<97><BF>y<97>^D^Hu<B8>v'
> helper: Group does not exist '<C9><C3>'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist '<A0>6z'
> helper: Group does not exist '<D8>6<97><BF><EC>]u'
> helper: Group does not e<B6>''<8D><83><E8><FE><FF><FF><89>E<F0><8D><83><E8><FE><FF><FF>)E<F0><C1>}<F0>^B<8B>U
> helper: Group does not exist '<81><C3>^?<D7>^P'
> helper: Group does not exist '_L<97><BF><8A>L<97><BF><9A>L<97><BF><A5>L<97><BF><B3>L<97><BF><D3>L<97><BF><E6>
> L<97><BF><F0>L<97><BF><B3>N<97><BF><D6>N<97><BF><F0>N<97><BF><FF>N<97><BF>^TO<97><BF>%O<97><BF>;O<97><BF>CO
> <97><BF>PO<97><BF><81>O<97><BF><A3>O<97><BF><B8>O<97><BF><CA>O<97><BF>'
> helper: Group does not exist '^C'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist ''
>
> Have you an idea ?
Received on Tue Nov 27 2007 - 07:09:41 MST