Old 04-09-2009, 02:45 PM   #1
linx win
authenticating Squid users by ldap?

I have installed an ldap server. It is now working fine. I migrated all data in /etc/passwd and /etc/group to my ldap server. I also was able to get Postfix and Dovecot mail servers to authenticate users against this ldap server. However, I could not set up squid to authenticate users against it. I have searched the net and found many solutions but none could help solve this issue.

My distro is Debian unstable and here is my squid conf:

# squid.conf
http_port 8080 
http_port 3128
visible_hostname myhome.lan
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src
#http_access allow all
acl manager proto cache_object
acl localhost src
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 5050 # chat
acl Safe_ports port 1025-65535 # high ports
acl purge method PURGE
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 4096 KB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl NO_SEX dstdom_regex -i "/etc/squid/badwords"
http_access deny NO_SEX
acl GoodSites dstdomain "/etc/squid/allowed-sites.squid"
http_access allow GoodSites
acl BadSites dstdomain "/etc/squid/restricted-sites.squid"
http_access deny BadSites
http_access allow localhost
acl localnetwork src
http_access allow localnetwork
acl lan src
http_access allow lan
http_access deny all

My squid server is working fine even in transparent mode. I tried adding the following:

auth_param basic program /usr/lib/squid/ldap_auth -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f sAMAccountName=%s -h

external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f “(&(objectclass=posixAccount)(sAMAccountName=%v)(memberof=cn=a, cn=People, dc=myhome, dc=lan))” -h
acl localnet proxy_auth REQUIRED src
acl InetAccess external InetGroup InternetAccessGroup
http_access allow localhost
acl localnetwork src
http_access allow InetAccess

but did not work and I get:

FATAL: The InetGroup helpers are crashing too rapidly, need help!

Hope you can help.

Last edited by linx win; 04-09-2009 at 03:12 PM.
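
A lint pass over the two helper lines quoted in the post, added here as an example (not code from the poster or the Squid project). It flags points worth verifying before Squid starts the helpers; `SAMPLE_CONF`, the finding codes and the function names are this example's own, and the patterns are heuristics, not Squid's config parser.

```python
import re

# Constructed sample: the two helper lines as they appear in the post. The
# bind password is the post's own placeholder; nothing follows -h there either.
SAMPLE_CONF = """\
http_port 3128
auth_param basic program /usr/lib/squid/ldap_auth -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f sAMAccountName=%s -h
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -b “dc=myhome, dc=lan” -D “cn=admin, dc=myhome, dc=lan” -w "password" -f “(&(objectclass=posixAccount)(sAMAccountName=%v)(memberof=cn=a, cn=People, dc=myhome, dc=lan))” -h
"""

# finding code -> (pattern, what to verify). All checks are heuristics.
CHECKS = {
    "typographic-quotes": (re.compile(r"[“”‘’]"),
        "curly quotes are ordinary characters, so they end up inside the DN or filter"),
    "missing-host": (re.compile(r"\s-h\s*$"),
        "-h is the last token, so no LDAP server is named"),
    "inline-bind-password": (re.compile(r"\s-w\s+\S"),
        "bind password sits in squid.conf and the helper's argv; -W <file> reads it from a file"),
    "ad-attribute": (re.compile(r"sAMAccountName", re.I),
        "sAMAccountName is an Active Directory attribute; confirm the directory stores logins there"),
}

def helper_lines(conf_text):
    """Yield (line_number, line) for directives that launch an LDAP helper."""
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # commented-out directives are never executed
        is_auth = line.startswith("auth_param") and " program " in line
        if is_auth or line.startswith("external_acl_type"):
            yield number, line

def lint(conf_text):
    """Return sorted (line_number, finding_code) pairs for the helper lines."""
    found = []
    for number, line in helper_lines(conf_text):
        for code, (pattern, _why) in CHECKS.items():
            if pattern.search(line):
                found.append((number, code))
    return sorted(found)

if __name__ == "__main__":
    for number, code in lint(SAMPLE_CONF):
        print(f"line {number}: {code}: {CHECKS[code][1]}")
```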
Old 04-09-2009, 04:40 PM   #2
linx win
Solution is here:

for both ldap and active directory also. I tried the 1st but know nothing about the 2nd.

