LDAP Authentication with Squid/Ubuntu

uronacid · 01-10-2011, 01:54 PM

So,

I'm attempting to set up a proxy server with LDAP authentication in SQUID. I can authenticate via the command prompt and the ldap_auth tool, however when I'm given the prompt to enter my username and password via web browser I cannot authenticate.

Here is my config for LDAP Authentication:
auth_param basic program /usr/lib/squid/ldap_auth -R -b "domain" -D "user" -w "password" -f sAMAccountName=%s -h 192.168.1.1 -v 3
auth_param basic children 5
auth_param basic realm Company Name
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on

acl localnet src 192.168.0.0/16
acl authuser proxy_auth REQUIRED
http_access allow authuser
http_access allow localnet

If I run "/usr/lib/squid/ldap_auth -R -b "domain" -D "user" -w "password" -f sAMAccountName=%s -h 192.168.1.1 -v 3" from the terminal followed by a username space password then I receive OK as a result. I'm so confused. everything I read says this should work.

Thanks in Adv,

Josh

uronacid · 01-10-2011, 02:23 PM

God... I should have known... I've been struggling with this LDAP authentication for quite some time. I had it configured properly, but forgot to run sudo squid -k reconfigure.

The problem I was running into was that in the given scenario you cannot configure squid as follows:
acl localnet src 192.168.0.0/16
acl authuser proxy_auth REQUIRED
http_access deny !authuser
http_access allow localnet

I changed this just before I made the post. I rushed to post after changing and testing the config, however I forgot to apply the configuration. Sorry for the confusion.