[squid-users] LDAP.. dazed and confused ?

From: David Höhn <dh@dont-contact.us>
Date: Thu, 03 Oct 2002 16:23:50 +0200

Hello dear list.

After having a closer look at squid 2.5 Stable1 I realized that I should
try and use the ldap authenticator which comes with the helper modules and
while trying that, I came across the following, rather strange things:

When I execute

./squid_ldap_auth -h 172.16.98.3 -b ou=people,dc=club4udev,dc=uptime,dc=at

then type

root passwprd

the answer I get is

OK

in the logfiles of the LDAP server I see:
Oct 2 09:01:27 master slapd[15776]: daemon: conn=199 fd=30 connection from
IP=172.16.98.25:32950 (IP=0.0.0.0:389) accepted.
Oct 2 09:01:27 master slapd[28906]: conn=199 op=0 BIND
dn="uid=root,ou=people,dc=club4udev,dc=uptime,dc=at" method=128
Oct 2 09:01:27 master slapd[28906]: conn=199 op=0 RESULT tag=97 err=0 text=
Oct 2 09:01:27 master slapd[15781]: conn=199 op=1 UNBIND
Oct 2 09:01:27 master slapd[15781]: conn=199 fd=30 closed

which looks like a complete success to me. However, when I try the same
thing via squid, it immediately tells me "access denied"

My squid.conf setup looks as follows:

auth_param basic program /usr/lib/squid/squid_ldap_auth -h 172.16.98.3 -b
ou=people,dc=club4udev,dc=uptime,dc=at
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

There is an acl which requires proxy_auth, it reads as follows:

acl password proxy_auth REQUIRED

and further down the road we see:

http_access allow localhost password
http_access deny all

The funny part about this is that I do not see ANY connection attempt to
the LDAP server whenever I try to use the proxy with my browser. It seems
to deny access without even checking my credentials. Do I have to install
the squid ldap auth helper suid root? I am a bit stumped and wondering if I
should be using PAM instead, since PAM also authenticates against LDAP in
my setup. Please advise, thank you very much in advance.

- - -d
-- "Hell, there are no rules here-- we're trying to accomplish something."
-- Thomas Alva Edison
Received on Thu Oct 03 2002 - 08:24:01 MDT
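
Added example, not part of the original post and not Squid's own code: a small model of how Squid evaluates the http_access lines quoted above, recording whether the authentication helper would be consulted. It assumes `localhost` is the stock `src 127.0.0.1` ACL and that the browser runs on a different host than Squid (the post does not say); the account, the client address and the `AUTH_ONLY` rule set are constructed.

```python
import ipaddress

# "localhost" is assumed to be the stock squid.conf ACL (src 127.0.0.1).
LOCALHOST = ipaddress.ip_network("127.0.0.1/32")
ACCOUNT = ("root", "secret")  # constructed credentials, not from the post

POSTED = [("allow", ["localhost", "password"]), ("deny", ["all"])]
# Hypothetical rule set for comparison only: proxy_auth on its own line.
AUTH_ONLY = [("allow", ["password"]), ("deny", ["all"])]

def evaluate(rules, client_ip, credentials, helper_calls):
    """Return 'allow', 'deny' or 'challenge' (HTTP 407) for one request."""
    def match(acl):
        if acl == "all":
            return True
        if acl == "localhost":
            return ipaddress.ip_address(client_ip) in LOCALHOST
        if acl == "password":  # acl password proxy_auth REQUIRED
            if credentials is None:
                return None  # nothing to verify yet: ask the browser
            helper_calls.append(credentials)  # stands in for squid_ldap_auth
            # Assumption: a helper ERR is modelled as a fresh challenge.
            return True if credentials == ACCOUNT else None
        raise ValueError(f"unknown acl {acl!r}")

    for action, acls in rules:
        for acl in acls:  # ACLs on one line are ANDed, left to right
            result = match(acl)
            if result is None:
                return "challenge"
            if not result:
                break  # line does not match; later ACLs are never evaluated
        else:
            return action  # every ACL matched: first matching line wins
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    calls = []
    for ip in ("127.0.0.1", "172.16.98.40"):  # second address is constructed
        print(ip, evaluate(POSTED, ip, ACCOUNT, calls), "helper calls:", len(calls))
```

With the posted rules, a request from any address other than 127.0.0.1 fails the `localhost` ACL first, so `password` is never evaluated and the helper makes no LDAP bind.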
