[squid-users] Squid LDAP Auth ?

Amos Jeffries squid3 at treenet.co.nz
Sun Feb 7 01:08:30 UTC 2016


On 7/02/2016 12:01 a.m., Olivier CALVANO wrote:
> Hi
> 
> I want to configure Squid to use a Windows AD LDAP.
> 
> On the command line that works:
> 
> 
> [root@gw squid]# ./basic_ldap_auth -R -b 'dc=mydomain,dc=fr' -f
> 'sAMAccountName=%s' -D 'cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr' -w
> 'Pa77word' -t 3 -H 192.168.10.1
> Test Goodpassword
> OK
> Test badpassword
> ERR Success
> 
> 
> 
> 
> But when I connect to Squid, my browser requests the login/pass all the time
> and in the logs I have:
> 
> basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

IIRC, that means the -b parameter is not accessible to the LDAP user
account (-D  with -w password).


> 2016/02/06 11:56:51.376 kid1| client_side.cc(1375) sendStartOfMessage: HTTP
> Client local=192.168.10.1:8080 remote=192.168.10.100:60716 FD 18 flags=1
> 2016/02/06 11:56:51.376 kid1| client_side.cc(1376) sendStartOfMessage: HTTP
> Client REPLY:
> ---------
> HTTP/1.1 407 Proxy Authentication Required
> Server: squid/3.3.8
> Mime-Version: 1.0
> Date: Sat, 06 Feb 2016 10:56:51 GMT
> Content-Type: text/html
> Content-Length: 3476
> X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> Vary: Accept-Language
> Content-Language: en
> Proxy-Authenticate: Basic realm="MyTest"
> X-Cache: MISS from gw.mylocalhost.fr
> X-Cache-Lookup: NONE from gw.mylocalhost.fr:8080
> Via: 1.1 gw.mylocalhost.fr (squid/3.3.8)
> Connection: keep-alive
> 
> 
> 
> my squid.conf config:
> 
> auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
> 'dc=mydomain,dc=fr' -f 'sAMAccountName=%s' -D
> 'cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr' -w 'Pa77word' -t 3 -H 192.168.10.1
> auth_param basic children 40 startup=5 idle=1
> auth_param basic realm MyTest
> auth_param basic credentialsttl 2 hours
> 
> 
> 
> Any idea of my errors?

Different binary being run?

 ./basic_ldap_auth seems to work
 /usr/lib64/squid/basic_ldap_auth does not

So what is the full path of that './' ?

Your test was in the root account, so is it actually
/root/basic_ldap_auth that is working?


Line-wrap in your squid.conf?
 You can manually wrap by using '\' characters at the end of squid.conf
lines followed by some whitespace indentation on the next line.


Try adding -d (lower case) to the parameter list and checking if
anything more useful gets logged in the debug trace.


Amos
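
The line-wrap failure mode raised in the reply, as an added example (not code from the thread or from Squid): a Python check that joins backslash-continued lines the way the reply describes and flags fragments left behind by a hard wrap. The function names and the directive-name pattern are assumptions of this example, the two samples are constructed from the configuration quoted above, and it does not reproduce Squid's own parser.

```python
import re

# Constructed sample: the quoted auth_param line, hard-wrapped as in the e-mail.
BROKEN = """\
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
'dc=mydomain,dc=fr' -f 'sAMAccountName=%s' -D
'cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr' -w 'Pa77word' -t 3 -H 192.168.10.1
auth_param basic children 40 startup=5 idle=1
"""

# Constructed sample: the same directive wrapped with '\' and indentation.
WRAPPED = """\
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b \\
    'dc=mydomain,dc=fr' -f 'sAMAccountName=%s' -D \\
    'cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr' -w 'Pa77word' -t 3 -H 192.168.10.1
auth_param basic children 40 startup=5 idle=1
"""

# Assumption: a directive line starts with a plain word such as auth_param.
DIRECTIVE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(\s|$)")
VALUE_OPTS = ("-b", "-f", "-D", "-w", "-H")  # helper options used on this page


def logical_lines(text):
    """Join lines ending in a backslash; yield (first_lineno, joined_line)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        part = raw.strip()
        if part.endswith("\\"):
            buf += part[:-1].rstrip() + " "
            continue
        yield start, buf + part
        buf, start = "", None
    if buf:  # file ended on a continuation character
        yield start, buf.rstrip()


def find_wrap_problems(text):
    """Return [(lineno, message)] for likely hard-wrap damage."""
    problems = []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        if not DIRECTIVE.match(line):
            problems.append((no, "not a directive, probably a wrapped fragment"))
        elif line.startswith("auth_param") and line.split()[-1] in VALUE_OPTS:
            problems.append((no, "option %s has no value" % line.split()[-1]))
    return problems
```
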


