[squid-users] ext_ldap_group_acl not working
alesironi
alesironi at yahoo.it
Tue Feb 2 06:40:13 UTC 2016
L.P.H. van Belle wrote
> Try this format :
>
> external_acl_type ldap_search ttl=3600 negative_ttl=3600 %LOGIN /usr/lib/squid/ext_kerberos_ldap_group_acl \
> -R -b "ou=User,dc=YOUR,dc=DNSDOM,dc=TLD" \
> -f "(&(samaccountname=%v)(memberof=cn=%a,ou=Groups,ou=Users,dc=YOUR,dc=DNSDOM,dc=TLD))" \
> -D AD-bind-user@YOURREALM \
> -W /etc/squid/private/ldap-bind \
> -K \
> -h addc2.internald.domain.tld \
> -h addc1.internald.domain.tld
>
> And for the kerberos auth.
>
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME \
> --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=NTDOMAIN
>
> These should work, they did for me for squid 3.4.8+
>
> Or ( tested as of 3.5.10 )
>
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/prxy1.internal.domain.tld@YOURREALM \
> --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN
>
> Greetz,
I configured as per your instructions. I got some errors that prevent SQUID
from starting properly (see cache.log).
I double checked my squid.conf but it seems I used the right syntax from the
sample you posted.
Cache.log, access.log, squid.conf and krb5.conf in this share:
http://1drv.ms/1nHDRXH