Using LDAP authentication only on one cache_peer in Squid
Hello all,
I'm trying to configure Squid to ask for authentication using LDAP but ONLY on one cache_peer. Before I had it activated on all servers and it worked perfectly. All the other webservers however have their own authentication except this wiki.
This is what I have in my squid.conf in regards to this particular site.
Code:
cache_peer 172.25.XXX.XXX parent 80 0 no-query originserver name=wiki
acl site_wiki dstdomain wiki.tradisa.com
cache_peer_access wiki allow site_wiki
auth_param basic program /lib/squid3/squid_ldap_auth -R -b "dc=domain,dc=es" -D "cn=squid,cn=Users,dc=domain,dc=es" -w "ldapuser" -f sAMAccountName=%s -h 172.25.XXX.XXX
auth_param basic children 1
auth_param basic credentialsttl 5 minutes
cache_peer_access wiki deny all
acl wiki_users proxy_auth REQUIRED
cache_peer_access wiki allow wiki_users
However, I go straight to the website without it asking for authentication.
LDAP authentication is working perfectly, it's just an error in my definition as stated above. I'm missing something but I cannot see it. Of course IPs and names have been changed before posting.
Small update. With the help of the squid mailing list I got some things changed already. My peer config looks like this for the one that has to authenticate.
Trouble is that now I get prompted for ALL the peers to pass the credentials, which is not what I want. I'm going nuts with this thing. I know it has something to do with the sequence the lines are in, but I cannot see the trees through the forest any more.
That's a no-go, I get the same result as before. I can activate the LDAP authentication and it's working perfectly. The problem I'm having is that when activated it gets applied to ALL the servers in the Squid configuration and I only want it to apply to the WIKI site.
All the other sites have their login page working with LDAP against our AD, but the WIKI shows all content at once. Since a lot of that content is private I prefer to authenticate before showing that site.
The other option is to create a login page for the wiki in order to have the same workflow as for the other servers/sites.
It appears to be impossible to just indicate to use the LDAP authentication on just one peer in the configuration. Looks like an all or nothing situation.
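Squid only sends the 407 challenge when a proxy_auth ACL is evaluated inside an http_access rule; cache_peer_access merely selects which peer serves a request and never prompts, which is why the posted config lets everything through (or prompts everywhere once proxy_auth is put into a global http_access line). The fragment below is an added example, not from the thread or from Squid's own documentation; it reuses the ACL names, peer address and domain from the first post, and the client range and the bind-password file path are assumptions.

```squid
# Added example (not the poster's config): require LDAP auth ONLY for the wiki.

# Same helper as in the thread, but the bind password is read with -W from a
# root-owned, mode 0600 file instead of being passed with -w, where it is
# visible in squid.conf and in the process list. Path is an assumption.
auth_param basic program /lib/squid3/squid_ldap_auth -R -b "dc=domain,dc=es" -D "cn=squid,cn=Users,dc=domain,dc=es" -W /etc/squid3/ldap_bind_pw -f sAMAccountName=%s -h 172.25.XXX.XXX
auth_param basic children 1
auth_param basic realm Wiki
auth_param basic credentialsttl 5 minutes

acl site_wiki  dstdomain wiki.tradisa.com
acl wiki_users proxy_auth REQUIRED
acl localnet   src 172.25.0.0/16        # assumed client range for the other sites

# Order matters. For a request to wiki.tradisa.com without credentials the
# last ACL tested on the deny line is the proxy_auth ACL, so Squid answers
# 407 and the browser prompts. Requests to any other host never match
# site_wiki, so wiki_users is not evaluated and no prompt appears.
http_access deny  site_wiki !wiki_users
http_access allow site_wiki
http_access allow localnet
http_access deny  all

# Peer selection is independent of authentication and stays as posted.
cache_peer 172.25.XXX.XXX parent 80 0 no-query originserver name=wiki
cache_peer_access wiki allow site_wiki
cache_peer_access wiki deny  all
```

Check the effect with `squid3 -k parse` and then with two requests through the proxy, one to wiki.tradisa.com (expect 407 until credentials are sent) and one to any other peer (expect no challenge).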