Re: [squid-users] ldap fallback not working

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 17 Aug 2010 01:18:45 +0000

On Mon, 16 Aug 2010 22:53:33 +0000, "Joseph L. Casale"
<jcasale_at_activenetwerx.com> wrote:
> I have a working setup with squid_kerb_auth and squid_kerb_ldap for
> authorization
> with group membership, I want to add squid_ldap_auth for a basic
> auth_param but
> when a client falls back to basic and uses squid_ldap_auth,
> squid_kerb_ldap errors
> out. I have set the default domain in squid_kerb_ldap. Will
> squid_kerb_ldap not
> work without a kerb client? I thought it's authorization to AD was based
> on the
> servers machine account.
>
> Missing something obvious here...
>
> Thanks!
> jlc

I think its a matter of "username" (Basic) vs "DOMAIN_at_username"
(Kerberos).

You can test this by replacing the group lookup with a fake
external_acl_helper which logs the credentials passed to the group helper.
Doing a few requests through both auth mechanisms will show you what
difference the group helper sees.

Amos
Received on Tue Aug 17 2010 - 01:20:10 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 17 2010 - 12:00:02 MDT