[squid-users] LDAP authentication from android and iphones
L.P.H. van Belle
belle at bazuin.nl
Wed May 29 07:04:18 UTC 2019
Hai,
You are probely missing in you smb.conf:
ntlm auth = yes
Greetz,
Louis
Van: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] Namens Ilias Clifton
Verzonden: woensdag 29 mei 2019 6:42
Aan: squid-users at lists.squid-cache.org
Onderwerp: [squid-users] LDAP authentication from android and iphones
Hi All,
I have Squid 3.5.27 running on Ubuntu 18.04.2, and have been unsuccesfull in being able to authenticate users via ldap (kerberos is working well)
Currently it's iphone and android users that are having the issue - all other users are authenticating via kerberos.
In squid.conf, I have:
auth_param basic program /usr/lib/squid/basic_ldap_auth -d -R -b "OU=users,DC=domain,DC=com" -D squid at domain.com -W /etc/squid/ldappass.txt -f sAMAccountName=%s -h dc.domain.com
When a user attempts to browse via the proxy, I see in access.log:
1559096820.116 0 10.99.88.77 TCP_DENIED/407 2248 GET http://www.google.com - HIER_NONE/- text/html
And the user is prompted for a username and password..
I then see in cache.log:
basic_ldap_auth.cc(691): pid=32625 :user filter 'sAMAccountName=username', searchbase 'OU=users,DC=domain,DC=com'
basic_ldap_auth.cc(746): pid=32625 :attempting to authenticate user 'CN=Users Fullname,OU=users,DC=domain,DC=com'
But the user just keeps getting prompted for username and password over and over, and I continue to see:
1559096820.116 0 10.99.88.77 TCP_DENIED/407 2248 GET http://www.google.com - HIER_NONE/- text/html
If I run the following on the command line, it appears to authenticate correctly:
/usr/lib/squid/basic_ldap_auth -d -R -b "OU=users,DC=domain,DC=com" -D squid at domain.com -W /etc/squid/ldappass.txt -f sAMAccountName=%s -h dc.domain.com
username password
basic_ldap_auth.cc(691): pid=32625 :user filter 'sAMAccountName=username', searchbase 'OU=users,DC=domain,DC=com'
basic_ldap_auth.cc(746): pid=32625 :attempting to authenticate user 'CN=Users Fullname,OU=users,DC=domain,DC=com'
OK
What else can I do for troubleshooting?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190529/77206973/attachment.html>
More information about the squid-users
mailing list