[squid-users] Authenticate again Active Directory

From: Peter Fraser <petros.fraser_at_gmail.com>
Date: Wed, 12 Nov 2008 11:40:39 -0500

Hi All
I've been trying to get squid to authenticate against Active Directory
as well as deny access to users in a security group. I have not been
able to get this to work reliably. This is what I have done so far.

In squid.conf, I have these entries

auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=atlas,dc=local" -v 2 -D "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f sAMAccountName=%s -h 192.168.2.90
auth_param basic children 5
auth_param basic realm Atlas Protection
auth_param basic credentialsttl 5 minutes

external_acl_type InetGroup %LOGIN /usr/local/libexec/squid/squid_ldap_group -R -b "dc=my,dc=domain" -v 2 -D "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,dc=my,dc=domain))" -h 192.168.2.90

acl domain_name proxy_auth REQUIRED src 192.168.2.0/24
http_access allow domain_name
http_access allow localhost
acl InetAccess external InetGroup nointernet
http_access deny InetAccess

I created a security group in AD and put several users in. When these
users try to log on, they get the popup box to log on but even when
they are in the nointernet group, they can still get on. I am at a
loss. Can anyone please point out what I am doing wrong or help me
with troubleshooting this?

Thanks.
Received on Wed Nov 12 2008 - 16:40:43 MST
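
Added example (not part of the original post, and not Squid's own code): Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so the order of the lines in the post decides whether the deny is ever consulted. The sketch replays the posted order and a hypothetical deny-first reordering against constructed requests; the function names and per-request ACL outcomes are assumptions, and authentication challenges are not modelled.

```python
# Added example: models Squid's first-match http_access evaluation.
# Rule order is taken from the post; request facts below are constructed.
POSTED = """
http_access allow domain_name
http_access allow localhost
http_access deny InetAccess
"""
# Hypothetical reordering: the group deny is evaluated before any allow.
REORDERED = """
http_access deny InetAccess
http_access allow domain_name
http_access allow localhost
"""

def parse_rules(conf):
    """Return [(action, [acl, ...]), ...] for each http_access line, in order."""
    rules = []
    for line in conf.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 3 and tokens[0] == "http_access":
            if tokens[1] not in ("allow", "deny"):
                raise ValueError(f"bad http_access action: {tokens[1]}")
            rules.append((tokens[1], tokens[2:]))
    return rules

def decide(rules, facts):
    """Return (action, rule_index); ACLs on one line are ANDed, '!' negates."""
    for i, (action, acls) in enumerate(rules):
        if all(facts.get(a.lstrip("!"), False) != a.startswith("!") for a in acls):
            return action, i
    # No line matched: Squid uses the opposite of the last line's action,
    # and denies when there are no http_access lines at all.
    if not rules or rules[-1][0] == "allow":
        return "deny", None
    return "allow", None

def unreachable(rules, requests):
    """Indexes of rules that decide none of the sample requests."""
    hit = {decide(rules, facts)[1] for facts in requests.values()}
    return [i for i in range(len(rules)) if i not in hit]

# Constructed requests: which ACLs would match for each client.
REQUESTS = {
    "user in nointernet": {"domain_name": True, "InetAccess": True},
    "ordinary user": {"domain_name": True},
    "localhost": {"localhost": True},
}

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("reordered", REORDERED)):
        rules = parse_rules(conf)
        for who, facts in REQUESTS.items():
            print(label, who, decide(rules, facts))
        print(label, "unreachable rule indexes:", unreachable(rules, REQUESTS))
```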
