[squid-users] squid 3.5x: Active Directory accounts with space issue
David Touzeau
david at articatech.com
Sat Nov 29 11:52:08 UTC 2014
Le 26/11/2014 11:27, Amos Jeffries a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 24/11/2014 12:01 a.m., David Touzeau wrote:
>> Hi
>>
>> We have connected 3.5.0.2-20141121-r13666 with Active Directory. It
>> seems where there are spaces in login account squid use only the
>> last argument.
>>
>> For example for an account "Jhon smith" squid use "smith" only For
>> example for an account "Dr Jhon smith" squid use "smith" only
>>
>> In 3.3.13 there is no such issue, a "Jhon smith" account is logged
>> as "Jhon smith" and sended as Jhon%20smith to helpers
> Any information about the auth Scheme being performed?
> the helpers being used?
> and what is being sent to/from the helpers in 3.5 different from the
> 3.3 version?
>
> Amos
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUdasMAAoJELJo5wb/XPRjRPUH/2aVKrtNdmJzupzsN9JtcOK0
> 1e+NIxNSaDiyu9R03eJrwlAy7g9zFGEj+0dI1HgJz36Mf2i03ahbyinD4GwFDVPh
> a6iYyCPrhy2XDeL16qcSqsX0i2e8yXO/WRbFTJymKMOFhVDS05Bg6KuE1FroNjHG
> OkhpzN/T3O1fUW2k0XSRZEWFV1YnriwcCLdKXdsXEXEIIA3J9ZN0WQZ8I/oGXfWV
> S4xHKh4jnDFJCEO5lwYxT1CDe53CCHnPfV9Uf1Dhq6AkKnDZAR8U53Uyhji4V6ck
> UzwZEPMAtK73O3uXn0J2l2S9v0ga5ymHRhiWADG2jC/8dyAc0ICaWFjK7o6wMfE=
> =GaV2
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
Hi
I'm using this method
auth_param ntlm program /usr/bin/ntlm_auth --domain=TOUZEAU.BIZ
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 25 startup=5 idle=1
auth_param ntlm keep_alive off
#Dynamic ACLs groups Enabled: [1]
external_acl_type ads_group ttl=3600 children-max=5 children-startup=1
children-idle=1 %LOGIN /usr/share/artica-postfix/external_acl_squid_ldap.php
#Other settings
authenticate_ttl 1 hour
authenticate_cache_garbage_interval 10 seconds
authenticate_ip_ttl 60 seconds
# END NTLM Parameters --------------------------------
#Basic authentication for other browser that did not supports NTLM:
(KerbAuthMethod = )
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 3 startup=1 idle=1
auth_param basic realm Basic Identification
auth_param basic credentialsttl 2 hours
On 3.3.13, everything works as expected.
On 3.5x LOGIN are truncated where there is space on account.
I have tested by removing external_acl_type ads_group, no change issue
is still displayed.
More information about the squid-users
mailing list