Hi,
Thanx for the tip. I had to define an additional acl and than it worked.
Now the problem is that I would like to allow only members of a specific
group to access internet. For this I have the following line in my config
file.
external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b
"dc=domain,dc=eu" -D "cn=test1,cn=Users,dc=domain,dc=eu" -w "test1" -f "
(&(objectclass=person)(sAMAccountName=%v)(memberof=cn
=%a,ou=Users,dc=domain,dc=eu))" -h MyIPAddress
Under TAG:ACL
acl localnet proxy_auth REQUIRED src xxx.xxx.xxx.xxx/24
acl InetAccess external Internet Testgroup
Tag:http_access
http_access allow InetAccess
This is what i additionaly set up after which the internet was working
http_access allow localnet
I even defined a denygroup and added a test user but i still can access to
internet by using that user. I think somehow the syntax of group
authentication is not complete.
Best Regards,
Saqib
|-----------------------------+-------------------------------------------|
| Henrik Nordstrom | |
| <henrik@henriknordstrom.ne| |
| t> | An|
| | "Saqib Khan (horiba/eu)" |
| 01.09.2006 16:48 | <saqib.khan@horiba.com> |
| | Kopie|
| | squid-users@squid-cache.org |
| | Thema|
| | Re: [squid-users] Squid LDAP|
| | authentication with 2003 AD |
| | |
| | |
| | |
| | |
| | |
| | |
|-----------------------------+-------------------------------------------|
On Fri, 2006-09-01 at 15:07 +0200, Saqib Khan (horiba/eu) wrote:
>
> Hello List members,
>
> I am getting problem after authenticating a user over ldap. After getting
> authenticated I get the following error message:
>
> ERROR
> The requested URL could not be retrieved
>
>
> While trying to retrieve the URL: http://www.google.de/
>
> The following error was encountered:
>
> Access Denied.
Which says that the request was denied your http_access directives (or
maybe http_reply_access or miss_access).
The authentication as such most likely worked fine.
Regards
Henrik
Received on Mon Sep 04 2006 - 05:13:11 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT