LinuxQuestions.org
Old 04-09-2009, 03:45 PM   #1
linx win
Member
 
Registered: Jan 2004
Posts: 390

Rep: Reputation: 31
authenticating Squid users by ldap?


I have installed an ldap server. It is now working fine. I migrated all data in /etc/passwd and /etc/group to my ldap server. I also was able to get Postfix and Dovecot mail servers to authenticate users against this ldap server. However, I could not set up squid to authenticate users against it. I have searched the net and found many solutions but none could help solve this issue.

My distro is debian unstable and here is my squid conf:

Code:
# squid.conf
http_port 8080 
http_port 3128
visible_hostname myhome.lan
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
#http_access allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 5050 # chat
acl Safe_ports port 1025-65535 # high ports
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 4096 KB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl NO_SEX dstdom_regex -i "/etc/squid/badwords"
http_access deny NO_SEX
acl GoodSites dstdomain "/etc/squid/allowed-sites.squid"
http_access allow GoodSites
acl BadSites dstdomain "/etc/squid/restricted-sites.squid"
http_access deny BadSites
http_access allow localhost
acl localnetwork src 192.168.0.0/16
http_access allow localnetwork
acl lan src 192.168.10.100 192.168.0.0/24
http_access allow lan
http_access deny all
My squid server is working fine even in transparent mode. I tried adding the following:

Code:
auth_param basic program /usr/lib/squid/ldap_auth -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f sAMAccountName=%s -h 192.168.0.1

external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f “(&(objectclass=posixAccount)(sAMAccountName=%v)(memberof=cn=a, cn=People, dc=myhome, dc=lan))” -h 192.168.0.1
acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InternetAccessGrouphttp_access allow localhost
acl localnetwork src 192.168.0.0/16
http_access allow InetAccess
but it did not work and I get:

FATAL: The InetGroup helpers are crashing too rapidly, need help!

Hope you can help.

Last edited by linx win; 04-09-2009 at 04:12 PM.
 
Old 04-09-2009, 05:40 PM   #2
linx win
Member
 
Registered: Jan 2004
Posts: 390

Original Poster
Rep: Reputation: 31
Solution is here:

http://wiki.squid-cache.org/ConfigEx...henticate/Ldap

for both ldap and active directory also. I tried the 1st but know nothing about the 2nd.
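
A check for the problems visible in the helper lines posted in #1, as an added example that is not part of the original thread or of Squid itself. The function name `lint` and the finding codes are hypothetical, and the default assumes the directory described in the post (accounts migrated from /etc/passwd into an LDAP server, not Active Directory).

```python
import re

# Typographic quotes pasted from a web page or word processor. Squid groups
# words only inside plain ASCII double quotes, so these split the arguments.
SMART_QUOTES = re.compile("[\u201c\u201d\u2018\u2019]")
# A directive name glued to the previous word means a line break was lost.
FUSED = re.compile(r"\S(http_access|auth_param|external_acl_type)\b")
# An acl has one type: after proxy_auth come user names or REQUIRED, not src.
MIXED_ACL = re.compile(r"^acl\s+\S+\s+proxy_auth\b.*\ssrc\s")
# -w puts the bind password in squid.conf and in the helper's argv (ps output);
# the helpers also accept -W <file> to read it from a file instead.
INLINE_PW = re.compile(r"\s-w\s")
HELPER_LINE = re.compile(r"^(auth_param\s+\S+\s+program|external_acl_type)\s")

# The helper-related lines from post #1, copied as posted (blank line omitted).
POSTED = """\
auth_param basic program /usr/lib/squid/ldap_auth -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f sAMAccountName=%s -h 192.168.0.1
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f “(&(objectclass=posixAccount)(sAMAccountName=%v)(memberof=cn=a, cn=People, dc=myhome, dc=lan))” -h 192.168.0.1
acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InternetAccessGrouphttp_access allow localhost
acl localnetwork src 192.168.0.0/16
http_access allow InetAccess
"""

def lint(conf_text, directory="openldap"):
    """Return (line_number, finding_code) tuples in file order."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if SMART_QUOTES.search(line):
            findings.append((number, "SMART_QUOTES"))
        if FUSED.search(line):
            findings.append((number, "FUSED_DIRECTIVE"))
        if MIXED_ACL.search(line):
            findings.append((number, "MIXED_ACL_TYPES"))
        if HELPER_LINE.search(line):
            if INLINE_PW.search(line):
                findings.append((number, "BIND_PASSWORD_IN_ARGV"))
            # sAMAccountName is an Active Directory attribute; accounts
            # migrated from /etc/passwd are posixAccount entries keyed by uid.
            if directory == "openldap" and "samaccountname" in line.lower():
                findings.append((number, "AD_ATTRIBUTE_ON_OPENLDAP"))
    return findings

if __name__ == "__main__":
    for number, code in lint(POSTED):
        print(f"line {number}: {code}")
```

Any `SMART_QUOTES` finding on a helper line means the helper receives a broken argument list, which is worth ruling out before looking further into a "helpers are crashing too rapidly" error.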
 
  

