Hi everyone :-),
I'm having some problems configuring Squid to authenticate with LDAP. I
first of all started by testing these commands in the command line:
/usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f sAMAccountName=%s -h 192.168.10.254
> myaccountname mypassword
/usr/lib64/squid/squid_ldap_group -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))" -h 192.168.10.254
> myaccountname InternetAllowGroup
Both of these return "OK", and "ERR" whenever I put in a wrong
password/group etc., so I believe that to be working. Now I've modified
squid.conf as follows (obviously with most snipped out):
TAG: auth_param
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f sAMAccountName=%s -h 192.168.10.254
auth_param basic children 5
auth_param basic realm Example
auth_param basic credentialsttl 2 hours
TAG: external_acl_type
external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))" -h 192.168.10.254
external_acl_type InetDenyGroup /usr/lib64/squid/squid_ldap_group -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -w "mypassword" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))" -h 192.168.10.254
TAG: acl
acl InetAccess external InetGroup InternetAllowGroup
acl InetDenyAccess external InetDenyGroup InternetDenyGroup
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localnet proxy_auth REQUIRED src 192.168.10.0/255
TAG: http_access
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow InetAccess
http_access deny InetDenyAccess
(Note also that Safe_ports are set to allow)
I think that is everything I had to do. However, when I set up my browser
with the proxy, type in my username and password it just keeps rejecting me.
I have no idea what else to try. It has to be something to do with the
squid.conf but I have no idea what.
Any help would be much appreciated, thank you.
--
View this message in context: http://www.nabble.com/Squid-LDAP-Authentication-Problems-tf4716128.html#a13481648
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Mon Oct 29 2007 - 20:52:24 MDT
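A tidied version of the auth-related squid.conf fragment from the post, as an added example that is not the poster's own configuration: it keeps each acl to a single type, gives every group-helper definition a %LOGIN format, orders the deny rules before the allow, and reads the bind password from a file. The -W helper option and the path /etc/squid/ldap.secret are assumptions; the DNs, addresses, helper paths and group names are taken from the post.

```conf
# Added example, not the original poster's squid.conf.
# Assumed: /etc/squid/ldap.secret is a root-only file holding the bind
# password, and the installed helpers accept -W (check their --help).

# Basic auth against AD: bind password comes from a file rather than the
# command line, so it shows in neither squid.conf nor `ps` output.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -W /etc/squid/ldap.secret -f sAMAccountName=%s -h 192.168.10.254
auth_param basic children 5
auth_param basic realm Example
auth_param basic credentialsttl 2 hours

# Group lookup helper. %LOGIN is what hands the authenticated user name
# to the helper as %v; the group name comes from the acl argument as %a.
# One helper definition serves both the allow and the deny group.
external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group -b "dc=example,dc=com,dc=au" -D "cn=Administrator,cn=Users,dc=example,dc=com,dc=au" -W /etc/squid/ldap.secret -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=example,dc=com,dc=au))" -h 192.168.10.254

acl InetAccess external InetGroup InternetAllowGroup
acl InetDenyAccess external InetGroup InternetDenyGroup

# proxy_auth and src are different acl types, so each gets its own acl.
acl AuthUsers proxy_auth REQUIRED
acl localnet src 192.168.10.0/24

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 280 488 591 777
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT

# Evaluation stops at the first matching rule: port/method hygiene first,
# then require a client on the LAN and a valid login, then the deny group
# before the allow group (a user in both is refused), then deny the rest.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !localnet
http_access deny !AuthUsers
http_access deny InetDenyAccess
http_access allow InetAccess
http_access deny all
```

Run `squid -k parse` after editing to have Squid report directive errors before reloading.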