LinuxQuestions.org
Old 09-22-2009, 10:42 AM   #1
RedHelix
squid_ldap_auth: Can I specify a failover domain controller?


Hi everyone,
I've run into a new problem in setting up a Squid 3.0 server at my office. Before going into what's wrong though, let me describe how we have it set up:

Users' IE browsers point to the Squid server as the proxy, and when they open the browser they are prompted for their LDAP credentials. The Squid server authenticates them against one of our Windows S2003 domain controllers and gives them permissions to certain websites based on which AD security group I've put them in. To this end, everything is working perfectly.

However, in order to accomplish this, I use the program squid_ldap_auth. It took forever to get it working the way I want it, but I finally discovered that in order to successfully look up an account on our DC, I have to use the -h parameter to specify the IP of one of my domain controllers.

So, my question.

Is there a way for me to specify a failover host, in case that DC is down or unavailable for any reason? (We have several DCs here.)

I'd like to know if this can be done within the command parameters or within my squid.conf file. I've pored through the man pages of squid_ldap_auth and looked up many squid.conf tutorials without much luck.

Much appreciated; you guys are saviors!
Jack

Last edited by RedHelix; 09-22-2009 at 10:43 AM.
 
Old 09-22-2009, 11:50 AM   #2
RedHelix
Whoop, answered my own question.

Adding a failover or second DC appears to be as simple as adding a comma. Yes... unsurprisingly, a seemingly simple problem has an even simpler solution.

So if I go "squid_ldap_auth (etc etc) -h 192.168.0.1,192.168.0.2" then it will iterate through those IPs until it finds one it can authenticate against. The man page does sort of imply this is possible but doesn't explicitly say it, now that I look back at it.

Hope this helps someone down the road.
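
An added example, not part of the original posts and not Squid's own code: once a failover list is in place, a dead domain controller is silently skipped, so it is worth probing every host in the list rather than only the first one that answers. The Python sketch below takes the same comma-separated value the post passes to -h; port 389, the 3-second timeout, and the function and script names are assumptions.

```python
"""Probe every LDAP server named in a squid_ldap_auth -h host list (added example)."""
import socket
import sys

LDAP_PORT = 389  # assumption: plain LDAP on its standard port; the post names no port


def parse_host_list(value):
    """Split a -h value such as '192.168.0.1,192.168.0.2' into an ordered host list."""
    hosts = []
    for item in value.replace(",", " ").split():
        if item not in hosts:  # drop duplicates and empty entries, keep order
            hosts.append(item)
    return hosts


def tcp_probe(host, port=LDAP_PORT, timeout=3.0):
    """Return None if a TCP connection succeeds, otherwise the error text."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except OSError as exc:  # refused, unreachable, timed out, name lookup failure
        return str(exc) or exc.__class__.__name__


def check_failover_list(value, probe=tcp_probe):
    """Probe all hosts in list order; do not stop at the first one that answers."""
    results = [(host, probe(host)) for host in parse_host_list(value)]
    up = [host for host, err in results if err is None]
    down = [(host, err) for host, err in results if err is not None]
    return {"first_usable": up[0] if up else None, "up": up, "down": down}


def main(argv):
    if len(argv) != 2:
        print("usage: check_dcs.py HOST1,HOST2,...", file=sys.stderr)
        return 2
    report = check_failover_list(argv[1])
    for host in report["up"]:
        print(f"OK    {host}")
    for host, err in report["down"]:
        print(f"DOWN  {host}: {err}")
    # Non-zero exit when any listed DC is down, even if failover still has a live host.
    return 1 if report["down"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A successful TCP connect only shows that the port answers; it does not prove that a bind or user lookup against that DC would succeed.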
Tags
authentication, controller, dc, domain, ldap, squid, squid3

All times are GMT -5.