<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><font size="3">Hi everybody,</font><div><font size="3"><br></font></div><div><font size="3">I am a newbie with Squid3. I am trying to integrate my squid with Active Directory. Squid works well in non-transparent mode. </font></div><div><font size="3">I followed this tutorial: <a href="http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy#Authentication" target="_blank">http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy#Authentication</a> for the setup.</font></div><div><font size="3">I need to authenticate <span style="line-height: 17px; background-color: rgb(255, 255, 255);">clients not authenticated via Kerberos</span> and users authenticated in the AD.</font></div><div><font size="3"><br></font></div><div><font size="3">I installed squid3 and ldap-utils from repositories (over Debian Jessie), but I can't find some libraries such as <span style="line-height: 1.1em; background-color: rgb(249, 249, 249);"><font face="Courier New, sans-serif">/usr/lib/squid3/squid_ldap_group</font> and </span><span style="line-height: 1.1em; background-color: rgb(249, 249, 249);"><font face="Courier New, sans-serif">/usr/lib/squid3/squid_ldap_auth. </font>They are not in the expected directories. 
I used <font face="Courier New, sans-serif">apt-file search </font>but with no results.</span></font></div><div><font size="3"><span style="line-height: 1.1em; background-color: rgb(249, 249, 249);"><br></span></font></div><div><font size="3"><span style="line-height: 1.1em; background-color: rgb(249, 249, 249);">These are the libraries in the /usr/lib/squid3 dir:</span></font></div><div><font size="3"><span style="background-color: rgb(249, 249, 249);"><div><span style="line-height: 17.6px;">basic_db_auth<span class="Apple-tab-span" style="white-space: pre;">           </span>      </span></div><div><span style="line-height: 17.6px;">basic_radius_auth<span class="Apple-tab-span" style="white-space: pre;">             </span>   <span class="Apple-tab-span" style="white-space: pre;">  </span></span></div><div><span style="line-height: 17.6px;">basic_fake_auth<span class="Apple-tab-span" style="white-space:pre">              </span>      </span></div><div><span style="line-height: 17.6px;">basic_sasl_auth<span class="Apple-tab-span" style="white-space:pre">         </span>   <span class="Apple-tab-span" style="white-space:pre">    </span> </span></div><div><span style="line-height: 17.6px;">basic_getpwnam_auth<span class="Apple-tab-span" style="white-space:pre">    </span>      </span></div><div><span style="line-height: 17.6px;">basic_smb_auth<span class="Apple-tab-span" style="white-space:pre">          </span>   <span class="Apple-tab-span" style="white-space:pre">            </span> </span></div><div><span style="line-height: 17.6px;">basic_ldap_auth<span class="Apple-tab-span" style="white-space:pre">                </span>      </span></div><div><span style="line-height: 17.6px;">basic_smb_auth.sh<span class="Apple-tab-span" style="white-space:pre">               </span>   <span class="Apple-tab-span" style="white-space:pre">    </span> </span></div><div><span style="line-height: 17.6px;">basic_msnt_auth<span class="Apple-tab-span" style="white-space:pre">      
          </span>      <span class="Apple-tab-span" style="white-space:pre">       </span>   <span class="Apple-tab-span" style="white-space:pre">            </span> </span></div><div><span style="line-height: 17.6px;">basic_msnt_multi_domain_auth  <span class="Apple-tab-span" style="white-space:pre">            </span>   <span class="Apple-tab-span" style="white-space:pre">            </span> </span></div><div><span style="line-height: 17.6px;">basic_ncsa_auth<span class="Apple-tab-span" style="white-space:pre">                </span>      <span class="Apple-tab-span" style="white-space:pre">               </span>   </span></div><div><span style="line-height: 17.6px;">basic_nis_auth<span class="Apple-tab-span" style="white-space:pre">          </span>     <span class="Apple-tab-span" style="white-space:pre">                     </span>   <span class="Apple-tab-span" style="white-space:pre">            </span></span></div><div><span style="line-height: 17.6px;">basic_pam_auth<span class="Apple-tab-span" style="white-space:pre">               </span>      <span class="Apple-tab-span" style="white-space:pre">       </span>   </span></div><div><span style="line-height: 17.6px;">basic_pop3_auth<span class="Apple-tab-span" style="white-space:pre">         </span>      </span></div><div><span style="line-height: 17.6px;">cert_tool</span><span class="Apple-tab-span" style="line-height: 17.6px; white-space: pre;">           </span></div><div><span style="line-height: 17.6px;">digest_ldap_auth</span></div><div><span style="line-height: 17.6px;"> diskd</span></div><div><span style="line-height: 17.6px;">digest_file_auth</span></div><div><span style="line-height: 17.6px;">ext_kerberos_ldap_group_acl  </span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ext_ldap_group_acl</span><span class="Apple-tab-span" style="line-height: 17.6px; white-space: pre;">             </span></div><div style="line-height: 1.1em;"><span style="line-height: 
17.6px;">ext_file_userip_acl</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ext_unix_group_acl</span><span class="Apple-tab-span" style="line-height: 17.6px; white-space: pre;">      </span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ext_sql_session_acl</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ext_session_acl</span><span class="Apple-tab-span" style="line-height: 17.6px; white-space: pre;"> </span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ext_ldap_group_acl</span><span class="Apple-tab-span" style="line-height: 17.6px; white-space: pre;">      </span><span style="line-height: 17.6px;"> </span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ext_wbinfo_group_acl</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">helper-mux.pl</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">log_db_daemon</span><span class="Apple-tab-span" style="line-height: 17.6px; white-space: pre;">          </span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">log_file_daemon</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">negotiate_wrapper_auth</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;"> negotiate_wrapper_auth</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">negotiate_kerberos_auth_test </span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ntlm_fake_auth</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">pinger</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">storeid_file_rewrite</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">unlinkd</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;"> 
url_fake_rewrite.sh</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">negotiate_kerberos_auth</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;"> </span><span style="line-height: 17.6px;">url_fake_rewrite</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;">ntlm_smb_lm_auth</span></div><div style="line-height: 1.1em;"><span style="line-height: 17.6px;"><br></span></div><div style="line-height: 1.1em;">I can't test if a user belongs to a group as shown here:</div><div style="line-height: 1.1em;"><pre style="font-family: monospace, Courier; padding: 1em; border: 1px dashed rgb(47, 111, 171); line-height: 1.1em; font-size: 12.7px;">/usr/lib/squid3/squid_ldap_group -R -K -S -b <span style="background-color: yellow;">"dc=example,dc=local"</span> -D squid@<span style="background-color: yellow;">example.local</span> -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,<span style="background-color: yellow;">ou=Security Groups,ou=MyBusiness,dc=example,dc=local</span>))" -h <span style="background-color: yellow;">dc1.example.local</span>
<span style="background-color: yellow;">EXAMPLE</span>\Username Internet%20Users%20Standard</pre></div><div style="line-height: 1.1em;">I had to use ext_wbinfo_group_acl to perform that test.</div><div style="line-height: 1.1em;"><br></div><div style="line-height: 1.1em;">Because of the missing libraries, I can't create the authentication for users not authenticated with Kerberos/NTLM:</div><div style="line-height: 1.1em;"><pre style="font-family: monospace, Courier; padding: 1em; border: 1px dashed rgb(47, 111, 171); line-height: 1.1em; font-size: 12.7px;">auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b <span style="background-color: yellow;">"dc=example,dc=local"</span> -D squid@<span style="background-color: yellow;">example.local</span> -W /etc/squid3/ldappass.txt -f sAMAccountName=%s -h <span style="background-color: yellow;">dc1.example.local</span>
</pre><div><span style="line-height: 1.1em;">and cannot create the LDAP authorisation for groups:</span></div><div><pre style="font-family: monospace, Courier; padding: 1em; border: 1px dashed rgb(47, 111, 171); line-height: 1.1em; font-size: 12.7px;">external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R -K -S -b <span style="background-color: yellow;">"dc=example,dc=local"</span> -D squid@<span style="background-color: yellow;">example.local</span> -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,<span style="background-color: yellow;">ou=Security Groups,ou=MyBusiness,dc=example,dc=local</span>))" -h <span style="background-color: yellow;">dc1.example.local</span>
</pre></div><div><span style="background-color: yellow;"><br></span></div></div><div style="line-height: 1.1em;">Why do those libraries not exist? Can I perform the same authentications using others? </div><div style="line-height: 1.1em;"><br></div></span></font></div>                                       </div></body>
</html>