[squid-users] Squid Authentication - Problems

[Marcio Demetrio Bacci]

Hi

I have tried to use only Kerberos authentication, but didn't work! I have
already used the 3 way below:

1) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth
2) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s
GSS_C_NO_NAME -i
3) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s
HTTP/proxy.cms.ensino.br at CMS.ENSINO.BR

Now, kerberos and NTLM together is OK with Windows worstations, but with
Linux appear the message in my Browser: "cache denied access".
Thus, I have used the basic_ldap_auth to Linux machines.

Following is authentication block the my squid.conf:

### Kerberos and NTLM ###
auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth -d
--ntlm /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=CMS --kerberos
/usr/lib/squid3/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive off

### LDAP ###
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b
DC=cms,DC=ensino,DC=br -D CN=proxy,CN=Users,DC=cms,DC=ensino,DC=br -w
passwd -h 192.168.200.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"
auth_param basic children 50
auth_param basic realm "Acesso Monitorado - CMS"
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off

Now I would like to identify groups of the users (admins, managers and
domain users) to create access profiles. How can I do this?
ext_ldap_group_acl or ext_kerberos_ldap_group_acl ?

Regards,
Márcio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160905/2edf2c89/attachment.html>