Hello All,
Squid version: Squid 3.0 STABLE 15
OpenLdap version: 2.4.11
I'm using "digest_ldap_auth" with "Open Ldap" combination for Digest
Authentication. It works well, but some users got authentication
failed. I'm able to get the valid hash from the LDAP server through
the command line,
# echo '"myuserid":"my
realm"'|/usr/local/squid/libexec/digest_ldap_auth -b
"dc=mydomain,dc=example,dc=com" -u "uid" -A "l" -D
"cn=replicareader,dc=mydomain,dc=example,dc=com" -W
"/etc/digestreader_cred" -e -v 3 -h ldapserver.mydomain.example.com
-p 389 -s sub -F "(&(objectclass=*)(uid=%s))"
56a4163324124a2ef86822eadf80ff53
I also verified the hash value manually from the below URL which is
also matched perfectly.
http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication
Note that I'm running FIVE squid servers. I successfully authenticated
with 2nd proxy server using the same user account which got failed
with the first proxy server. Squid returning the TCP_DENIED/407
response to the client. Same userid is working when I do restart squid
(even reconfigure doesn't help), but I feel it is never be a right
way. After the successful restart, some other accounts are not
working.
See the squid Digest authentication configuration lines below,
auth_param digest program /usr/local/squid/libexec/digest_ldap_auth -b
"dc=mydomain,dc=example,dc=com" -u "uid" -A "l" -D
"cn=replicareader,dc=mydomain,dc=example,dc=com" -W
"/etc/digestreader_cred" -e -v 3 -h ldapserver.mydomain.example.com
-p 389 -s sub -F "(&(objectclass=*)(uid=%s))"
auth_param digest children 5
auth_param digest realm My Realm
auth_param digest nonce_garbage_interval 480 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
auth_param digest check_nonce_count on
I hope somebody may faced this issue. Any help would be greatly
appreciated. Thanks in advance.
Thanks and Regards,
Sankar.M
Received on Sat Oct 10 2009 - 14:53:48 MDT
This archive was generated by hypermail 2.2.0 : Sun Oct 11 2009 - 12:00:03 MDT