[squid-users] Squid LDAP Auth ?
Olivier CALVANO
o.calvano at gmail.com
Sun Feb 7 06:11:57 UTC 2016
Hi
thanks for your help.
2016-02-07 2:08 GMT+01:00 Amos Jeffries <squid3 at treenet.co.nz>:
> On 7/02/2016 12:01 a.m., Olivier CALVANO wrote:
> > Hi
> >
>
> >Different binary being run?
>
> > ./basic_ldap_auth seems to work
> > /usr/lib64/squid/basic_ldap_auth does not
>
> >So what is the full path of that './' ?
>
it's /usr/lib64/squid/basic_ldap_auth
>
> >Your test was in the root account so it is it actually
> >/root/basic_ldap_auth that is working ?
>
>
yes and if i use a other account (not a root account) that's work too with
/usr/lib64/squid/basic_ldap_auth -R -b 'dc=mydomain,dc=fr' -f
'sAMAccountName=%s' -D 'cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr' -w
'pa77word' -t 3 -H 192.168.10.1
>
> >Line-wrap in your squid.conf?
> > You can manually wrap by using '\' characters at the end of squid.conf
> >lines followed by some whitespace indentation on the next line.
>
>
>
> >Try adding -d (lower case) to the parameter list and checking if
> >anything more useful gets logged in the debug trace.
>
No more information:
----------
basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
2016/02/07 07:08:05.477 kid1| client_side_request.cc(786)
clientAccessCheckDone: The request CONNECT tiles.services.mozilla.com:443
is AUTH_REQUIRED, because it matched 'Winbind'
2016/02/07 07:08:05.477 kid1| errorpage.cc(1281) BuildContent: No existing
error page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default
error file.
2016/02/07 07:08:05.477 kid1| store.cc(995) checkCachable:
StoreEntry::checkCachable: NO: not cachable
2016/02/07 07:08:05.477 kid1| client_side_reply.cc(1983)
processReplyAccessResult: The reply for CONNECT
tiles.services.mozilla.com:443 is ALLOWED, because it matched 'Winbind'
2016/02/07 07:08:05.477 kid1| client_side.cc(1375) sendStartOfMessage: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51957 FD 16 flags=1
2016/02/07 07:08:05.477 kid1| client_side.cc(1376) sendStartOfMessage: HTTP
Client REPLY:
---------
HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.3.8
Mime-Version: 1.0
Date: Sun, 07 Feb 2016 06:08:05 GMT
Content-Type: text/html
Content-Length: 3474
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="MyTest"
X-Cache: MISS from gw.mylocalhost.fr
X-Cache-Lookup: NONE from gw.mylocalhost.fr:8080
Via: 1.1 gw.mylocalhost.fr (squid/3.3.8)
Connection: keep-alive
----------
2016/02/07 07:08:11.636 kid1| TcpAcceptor.cc(197) doAccept: New connection
on FD 26
2016/02/07 07:08:11.636 kid1| TcpAcceptor.cc(272) acceptNext: connection on
local=[::]:8080 remote=[::] FD 26 flags=9
2016/02/07 07:08:11.637 kid1| client_side.cc(2321) parseHttpRequest: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51964 FD 18 flags=1
2016/02/07 07:08:11.637 kid1| client_side.cc(2322) parseHttpRequest: HTTP
Client REQUEST:
---------
CONNECT 0.client-channel.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: 0.client-channel.google.com:443
----------
2016/02/07 07:08:11.637 kid1| client_side_request.cc(786)
clientAccessCheckDone: The request CONNECT 0.client-channel.google.com:443
is AUTH_REQUIRED, because it matched 'Winbind'
2016/02/07 07:08:11.637 kid1| errorpage.cc(1281) BuildContent: No existing
error page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default
error file.
2016/02/07 07:08:11.637 kid1| store.cc(995) checkCachable:
StoreEntry::checkCachable: NO: not cachable
2016/02/07 07:08:11.637 kid1| client_side_reply.cc(1983)
processReplyAccessResult: The reply for CONNECT
0.client-channel.google.com:443 is ALLOWED, because it matched 'Winbind'
2016/02/07 07:08:11.637 kid1| client_side.cc(1375) sendStartOfMessage: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51964 FD 18 flags=1
2016/02/07 07:08:11.637 kid1| client_side.cc(1376) sendStartOfMessage: HTTP
Client REPLY:
---------
HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.3.8
Mime-Version: 1.0
Date: Sun, 07 Feb 2016 06:08:11 GMT
Content-Type: text/html
Content-Length: 3379
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="MyTest"
X-Cache: MISS from gw.mylocalhost.fr
X-Cache-Lookup: NONE from gw.mylocalhost.fr:8080
Via: 1.1 gw.mylocalhost.fr (squid/3.3.8)
Connection: keep-alive
----------
2016/02/07 07:08:11.654 kid1| client_side.cc(2321) parseHttpRequest: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51964 FD 18 flags=1
2016/02/07 07:08:11.654 kid1| client_side.cc(2322) parseHttpRequest: HTTP
Client REQUEST:
---------
CONNECT 0.client-channel.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: 0.client-channel.google.com:443
----------
2016/02/07 07:08:11.654 kid1| client_side_request.cc(786)
clientAccessCheckDone: The request CONNECT 0.client-channel.google.com:443
is AUTH_REQUIRED, because it matched 'Winbind'
2016/02/07 07:08:11.654 kid1| errorpage.cc(1281) BuildContent: No existing
error page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default
error file.
2016/02/07 07:08:11.655 kid1| store.cc(995) checkCachable:
StoreEntry::checkCachable: NO: not cachable
2016/02/07 07:08:11.655 kid1| client_side_reply.cc(1983)
processReplyAccessResult: The reply for CONNECT
0.client-channel.google.com:443 is ALLOWED, because it matched 'Winbind'
2016/02/07 07:08:11.655 kid1| client_side.cc(1375) sendStartOfMessage: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51964 FD 18 flags=1
2016/02/07 07:08:11.655 kid1| client_side.cc(1376) sendStartOfMessage: HTTP
Client REPLY:
---------
HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.3.8
Mime-Version: 1.0
Date: Sun, 07 Feb 2016 06:08:11 GMT
Content-Type: text/html
Content-Length: 3379
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="MyTest"
X-Cache: MISS from gw.mylocalhost.fr
X-Cache-Lookup: NONE from gw.mylocalhost.fr:8080
Via: 1.1 gw.mylocalhost.fr (squid/3.3.8)
Connection: keep-alive
----------
2016/02/07 07:08:20.082 kid1| client_side.cc(2321) parseHttpRequest: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51964 FD 18 flags=1
2016/02/07 07:08:20.082 kid1| client_side.cc(2322) parseHttpRequest: HTTP
Client REQUEST:
---------
CONNECT 0.client-channel.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: 0.client-channel.google.com:443
----------
2016/02/07 07:08:20.082 kid1| client_side_request.cc(786)
clientAccessCheckDone: The request CONNECT 0.client-channel.google.com:443
is AUTH_REQUIRED, because it matched 'Winbind'
2016/02/07 07:08:20.083 kid1| errorpage.cc(1281) BuildContent: No existing
error page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default
error file.
2016/02/07 07:08:20.083 kid1| store.cc(995) checkCachable:
StoreEntry::checkCachable: NO: not cachable
2016/02/07 07:08:20.083 kid1| client_side_reply.cc(1983)
processReplyAccessResult: The reply for CONNECT
0.client-channel.google.com:443 is ALLOWED, because it matched 'Winbind'
2016/02/07 07:08:20.083 kid1| client_side.cc(1375) sendStartOfMessage: HTTP
Client local=192.168.10.1:8080 remote=192.168.10.100:51964 FD 18 flags=1
2016/02/07 07:08:20.083 kid1| client_side.cc(1376) sendStartOfMessage: HTTP
Client REPLY:
---------
HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.3.8
Mime-Version: 1.0
Date: Sun, 07 Feb 2016 06:08:20 GMT
Content-Type: text/html
Content-Length: 3379
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="MyTest"
X-Cache: MISS from gw.mylocalhost.fr
X-Cache-Lookup: NONE from gw.mylocalhost.fr:8080
Via: 1.1 gw.mylocalhost.fr (squid/3.3.8)
Connection: keep-alive
----------
>
>
> >Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160207/c7b99043/attachment-0001.html>
More information about the squid-users
mailing list