RE: [squid-users] Digest LDAP Auth not running from Andreas Krummrich on 2009-03-19 (squid-users)

From: Andreas Krummrich <andreas_at_krummrich.org>
Date: Thu, 19 Mar 2009 22:41:55 +0100

Hi Chris,

-----Original Message-----
From: crobertson_at_gci.net [mailto:crobertson_at_gci.net]
Sent: Thursday, March 19, 2009 10:08 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Digest LDAP Auth not running

Andreas Krummrich wrote:
> -----Original Message-----
> From: crobertson_at_gci.net [mailto:crobertson_at_gci.net]
> Sent: Thursday, March 19, 2009 8:05 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Digest LDAP Auth not running
>
> Andreas Krummrich wrote:
>
>> Hi,
>>
>> I recently installed Squid3 on my Debian Lenny box. After the proxy was
>> running fine, I searched for an option to secure the authentication
>>
> between.
>
>> As I'm still using LDAP, I decided to use LDAP digest auth. I went
through
>> this manual:
>> http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication.
>> All tests were successful. But I can't authenticate neither with the IE7
>>
> nor
>
>> with Mozilla Firefox.
>>
>> In get the following error messages:
>>
>> Connected OK
>> searchbase 'uid=user, ou=Users,dc=intern,dc=domain,dc=de'
>> 2009/03/19 15:31:20| helperHandleRead: unexpected reply on channel 0 from
>> digestauthenticator #1 'c19a6e536533c783e6a8e10eef070605'
>>
>>
>
> I think this indicates you are using concurrency with a helper that
> doesn't support it. Does your auth_param line include any mention of
> "concurrency"?
>
> I don't know. This is the line:
>
> auth_param digest program /usr/lib/squid3/digest_ldap_auth -b
> "ou=Users,dc=intern,dc=domain,dc=de" -u "uid" -A "l" -D
> "uid=digestreader,dc=intern,dc=domamin,dc=de" -W "/etc/digestreader_cred"
-e
> -v 3 -h ldapserver -d
>

Hmmm. Try dropping the "-d" as that is a debug flag and might interfere
with the proper working of the helper.

Groovy ;-) That's it. Never saw a debug flag which stopped a service.

Many thanks!!

Andreas

> Is there anything wrong?
>
>
>> The password hash, which comes back is right. It's the same one like in
>>
> the
>
>> LDAP entry.
>>
>> I checked everything twice, but found no errors. I hope somebody here can
>> help me.
>>
>> Thanks in advance!
>>
>> Kind Regards,
>> Andreas
>>
>
> Chris
>
> Thanks so far!
>
> Andreas
>

Chris
Received on Thu Mar 19 2009 - 21:42:18 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 20 2009 - 12:00:03 MDT