hurricane81_at_virgilio.it wrote:
> Dear Squid-Users,
>
> I would like just to ask a bit of help regarding
> squid_ldap_group.
> I tried with success the helper from commandline
> about a match between a user and a group and everything works
> perfectly.
> Now, using the same set in squid.conf, it shows me in the
> log that the helpers are crashing too quick.
> My question are:
> 1) I
> need
> absolutely to authenticate first with squid_ldap_auth or I could
> leave
> the ntlm_auth at the beginning and use only squid_ldap_group to
> check
> the membership in a ldap group?
auth_param are checked in order. First match if any is used. Only first
match!
Order them to suite your preference.
> 2) at the definition of the
> external
> acl i set "%LOGIN", but to squid_ldap_group what squid pass?
Same as for normal request needing auth.
> 3) Why in
> the squid logs for each squid_ldap_group opened show me the
> list with
> the options?
Not sure myself on this one. You fail to say which log.
> and why it shows me that the -F and -B options
> are required
> if from commandline works perfectly and are not
> requested?
Maybe old help info. There is a lot of that in squid.
>
> I attach
> here the part with my configuration and
> (following) the logs:
>
> squid.
> conf
>
> #about squid_ldap_group
> external_acl_type squid_ldap children=20 %
> LOGIN c:
> /squid/libexec/squid_ldap_group.exe -R -v "3" -s "sub" -b
> "dc=kxxxx,
> dc=org" -f "(&(objectClass=person)(sAMAccountName=%v)
> (memberOf=cn=%a,
> ou=Gruppen,ou=User F\\+E,dc=xx,dc=kxxxx,dc=org))" -d -
> D "squidadmin" -
> w "xxxxx" -S -K -h "kxdcrt02.kxxxx.org" -p "3268"
>
> then
> the right acl
> with the group and the setting of the access for those.
> From
> commandline it returns me an OK but in the running of squid the
> helpers crash (I already tried to push up the number of children but
> doesn´t help!)
>
> I tried than to make the first authentication with
> squid_ldap_auth.
>
> auth_param basic program c:
> /squid/libexec/squid_ldap_auth.exe -R -v "3" -s "sub" -b "dc=kxxxx,
> dc=org" -f "sAMAccountName=%s" -d -D "squidadmin" -w "xxxxxx" -h
> "kxdcrt02.kxxxx.org" -p "3268"
>
> but when the login box appears and I
> give my credential or other, simply it remains charging the page and
> after a while give me back the loginbox without show me the webpage.
>
> Here I put also the logs:
>
> squid_ldap_group version 2.17
>
> Usage:
> squid_ldap_group -b basedn -f filter [options] ldap_server_name
>
> -b
> basedn (REQUIRED) base dn under where to search for groups
> -f filter
> (REQUIRED) group search filter pattern. %v = user,
> %a = group
> -B
> basedn (REQUIRED) base dn under where to search for users
> -F filter
> (REQUIRED) user search filter pattern. %s = login
> -s base|one|sub
> search scope
> -D binddn DN to bind as to perform searches
> -w
> bindpasswd password for binddn
> -W secretfile read password for
> binddn from file secretfile
> -h server LDAP server (defaults to
> localhost)
> -p port LDAP server port (defaults to 389)
> -P
> persistent LDAP connection
> -c timeout connect timeout
> -t timelimit
> search time limit
> -R do not follow referrals
> -a
> never|always|search|find
> when to dereference aliases
> -v 2|3
> LDAP
> version
> -Z TLS encrypt the LDAP connection, requires
> LDAP
> version 3
> -g first query parameter is base DN extension
> for
> this
> query
> -S Strip NT domain from usernames
> -K Strip Kerberos
> realm
> from usernames
>
> If you need to bind as a user to perform
> searches then
> use the
> -D binddn -w bindpasswd or -D binddn -W
> secretfile options
>
> 2008/08/07 15:38:01| logfileOpen: opening log c:
> /squid/var/logs/access.
> log
> 2008/08/07 15:38:01| Unlinkd pipe opened on
> FD 308
> 2008/08/07 15:38:
> 01| Swap maxSize 102400 KB, estimated 7876
> objects
> 2008/08/07 15:38:01|
> Target number of buckets: 393
> 2008/08/07
> 15:38:01| Using 8192 Store
> buckets
> 2008/08/07 15:38:01| Max Mem size:
> 8192 KB
> 2008/08/07 15:38:
> 01| Max Swap size: 102400 KB
> 2008/08/07 15:38:
> 01| Local cache digest
> enabled; rebuild/rewrite every 3600/3600 sec
> 2008/08/07 15:38:01|
> logfileOpen: opening log c:/squid/var/logs/store.
> log
> 2008/08/07 15:38:
> 01| Rebuilding storage in c:/squid/var/cache
> (CLEAN)
> 2008/08/07 15:38:
> 01| Using Least Load store dir selection
> 2008/08/07 15:38:01| Set
> Current Directory to c:/squid/var/cache
> 2008/08/07 15:38:01| Loaded
> Icons.
> 2008/08/07 15:38:01| Accepting
> accelerated HTTP connections at
> 172.16.30.18, port 8080, FD 314.
> 2008/08/07 15:38:01| Accepting HTCP
> messages on port 4827, FD 315.
> 2008/08/07 15:38:01| Accepting SNMP
> messages on port 3401, FD 316.
> 2008/08/07 15:38:01| Configuring Parent
> 172.16.30.16/8123/0
> 2008/08/07
> 15:38:01| Ready to serve requests.
> 2008/08/07 15:38:01| Done reading c:
> /squid/var/cache swaplog (0
> entries)
> 2008/08/07 15:38:01| Finished
> rebuilding storage from disk.
> 2008/08/07 15:38:01| 0 Entries
> scanned
> 2008/08/07 15:38:
> 01| 0 Invalid entries.
> 2008/08/07 15:
> 38:01| 0 With
> invalid flags.
> 2008/08/07 15:38:01| 0
> Objects loaded.
> 2008/08/07 15:38:01| 0 Objects expired.
> 2008/08/07 15:38:
> 01| 0 Objects cancelled.
> 2008/08/07 15:38:
> 01| 0
> Duplicate URLs purged.
> 2008/08/07 15:38:01| 0
> Swapfile clashes
> avoided.
> 2008/08/07 15:38:01| Took 0.1 seconds (
> 0.0 objects/sec).
> 2008/08/07 15:38:01| Beginning Validation Procedure
> 2008/08/07 15:38:
> 01| Completed Validation Procedure
> 2008/08/07 15:38:
> 01| Validated 0
> Entries
>
> I would be really happy to have any advice
> from you.
> Thanks in
> advance
>
> Antonio
>
>
-- Please use Squid 2.7.STABLE3 or 3.0.STABLE8Received on Fri Aug 08 2008 - 17:43:27 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 09 2008 - 12:00:02 MDT