[SOLVED] squid_ldap_auth: Can I specify a failover domain controller?
I've run into a new problem in setting up a Squid 3.0 server at my office. Before going into what's wrong though, let me describe how we have it set up:
Users' IE browsers point to the Squid server as the proxy, and when they open the browser they are prompted for their LDAP credentials. The Squid server authenticates them against one of our Windows S2003 domain controllers and gives them permissions to certain websites based on which AD security group I've put them in. To this end, everything is working perfectly.
However, in order to accomplish this, I use the program squid_ldap_auth. It took forever to get it working the way I want it, but I finally discovered that in order to successfully look up an account on our DC, I have to use the -h parameter to specify the IP of one of my domain controllers.
So, my question.
Is there a way for me to specify a failover host, in case that DC is down or unavailable for any reason? (We have several DCs here.)
I'd like to know if this can be done within the command parameters or within my squid.conf file. I've pored through the man pages of squid_ldap_auth and looked up many squid.conf tutorials without much luck.
Adding a failover or second DC appears to be as simple as adding a comma. Yes... unsurprisingly, a seemingly simple problem has an even simpler solution.
So if I go "squid_ldap_auth (etc etc) -h 192.168.0.1,192.168.0.2" then it will iterate through those IPs until it finds one it can authenticate against. The man page does sort of imply this is possible but doesn't explicitly say it, now that I look back at it.