Re: [squid-users] Authenticate again Active Directory

From: Luis Daniel Lucio Quiroz <>
Date: Wed, 12 Nov 2008 13:26:15 -0600

Mine is this

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b DC=XXX,DC=XXX -D
admin_at_XXX -w Elmasmejor3567 -f sAMAccountName=%s -h XXX.XXX.XXX.XXX.
1 -s sub -p 389 -v 3 -P -O -R
auth_param basic children 25
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

> Hi All
> I've been trying to get squid to authenticate against Active Directory
> as well as deny access to users in a security group. I have not been
> able to get this to work reliably. This is what I have done so far.
> In squid.conf, I have these entries
> auth_param basic program /usr/local/libexec/squid/
> squid_ldap_auth -R -b "dc=atlas,dc=local" -v 2 -D
> "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f
> sAMAccountName=%s -h
> auth_param basic children 5
> auth_param basic realm Atlas Protection
> auth_param basic credentialsttl 5 minutes
> external_acl_type InetGroup %LOGIN
> /usr/local/libexec/squid/squid_ldap_group -R -b "dc=my,dc=domain" -v 2
> -D "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f
> "(&(objectclass=person)(sAMAccountName=%v)
> (memberof=cn=%a,dc=my,dc=domain))" -h
> acl domain_name proxy_auth REQUIRED src
> http_access allow domain_name
> http_access allow localhost
> acl InetAccess external InetGroup nointernet
> http_access deny InetAccess
> I created a security group in AD and put several users in. When these
> users try to log on, they get the popup bix to log on but even when
> they are in the nointernet group, they can still get on. I am at a
> loss. Can anyone please point out what I am doing wrong or help me
> with troubleshooting this?
> Thanks.
On Wednesday 12 November 2008 10:40:39 Peter Fraser wrote:
Received on Wed Nov 12 2008 - 19:26:50 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 13 2008 - 12:00:03 MST