[squid-users] LDAP authentication from android and iphones
Amos Jeffries
squid3 at treenet.co.nz
Thu May 30 04:36:38 UTC 2019
On 30/05/2019 12:25, Ilias Clifton wrote:
> >> Sent: Wednesday, May 29 2019 6:42
> >> From: Ilias Clifton
> >>
> >> I have Squid 3.5.27 running on Ubuntu 18.04.2, and have been unsuccesfull in being able to authenticate users via ldap (kerberos is working well)
> >>
> >> What else can I do for troubleshooting?
> >>
What I do is take one of the access.log lines and read through the squid.conf (whole thing) to see what squid would do with that transaction. Most 40* status problems are with http_access ordering, so quickly spotted.
If you can provide those details in full im happy to do so for you. Or someone experienced with a similar config may spot the issue.
If that is not possible, then you will need to do the above yourself. debug_options ALL,6 can be used to get a cache.log trace to read if you are not confident doing it by-eye or to double-check the expectations.
> > Sent: Wednesday, May 29, 2019 at 5:04 PM
> > From: "L.P.H. van Belle"
> >
> >
> > Hai,
> >
> > You are probely missing in you smb.conf:
> >
> > ntlm auth = yes
> >
> >
> > Greetz,
> >
> > Louis
>
> I don't have Samba installed on this server - I can authenticate Firefox users via LDAP, just not Android or iPhones.
>
> To authenticate Android and iPhone users - do I need to use NTLM instead?
>
>
You should not have to. NTLM is worse than basic in many regards.
If basic has the right credentials from client (check that) and producing a 407/401 then you have a config issue somewhere.
May not be in squid.conf though, could be LDAP service account, or other permissions in the network between squid and the auth backend. The -d helper option should help track that kind of thing down.
FYI; LDAP is not an auth type. It is just a protocol for contacting the database backend where you store the user account credentials. There may be other ways to contact the aurh backend if necessary. But since your manual test worked I agree it should work for squid too.
Amos
More information about the squid-users
mailing list