AW: AW: AW: [squid-users] authentication problem with squid_ldap_group
Hello Yong, I compiled squid version 2.5STABLE6 with ./configure --prefix=/usr/local/squid --enable-external-acl-helpers and it works. When i use the same command with squid2.5 STABLE7 it don`t works. Do you have a idea why not ? Regard Joachim -Ursprüngliche Nachricht- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 14. Januar 2005 01:23 An: Joachim JS. Schuster Betreff: AW: AW: AW: [squid-users] authentication problem with squid_ldap_group Hi Joachim, I don't think its compiling problem. You can just compile with ./configure Ever think of trying out with rpm ? Regards Yong Hi Yong, I mean i found the error. i installed a squid 2.5.Stable6 Version and it yust works. The squid version 2.5.Stable7 dont`t work. The squid_ldap_group file from stbale 2.7 is bigger. here is a diffrent. Or is this a compiling problem. I compile with ./configure --prefix=/usr/local/squid . Is this correct ? Regard Joachim
AW: AW: AW: [squid-users] authentication problem with squid_ldap_group
Hi Yong, I mean i found the error. i installed a squid 2.5.Stable6 Version and it yust works. The squid version 2.5.Stable7 dont`t work. The squid_ldap_group file from stbale 2.7 is bigger. here is a diffrent. Or is this a compiling problem. I compile with ./configure --prefix=/usr/local/squid . Is this correct ? Regard Joachim -Ursprüngliche Nachricht- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 13. Januar 2005 08:00 An: Joachim JS. Schuster Betreff: Re: AW: AW: [squid-users] authentication problem with squid_ldap_group Hi Joachim, I am using squid-2.5.STABLE5-2, comes with FC2. Actually for your case, is it when you do it from command prompt, its ok but from browser it cannot pass through? I had a case before when I got OK from terminal but on browser it cannot go through. It just kept reprompting for username and password from the browser. Then I changed the %u - %v and %g - %a and worked. regards Yong Joachim JS. Schuster wrote: Hi Yong, What squid version do you use ? regards Joachim -Ursprüngliche Nachricht- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 13. Januar 2005 01:27 An: Joachim JS. Schuster Betreff: Re: AW: [squid-users] authentication problem with squid_ldap_group Hi Joachim, This is my acl which works. Maybe you can copy exactly mine, especially the order of the http_access part. And see if it works. acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl ldap_group-admin external ldap_group admin http_access allow manager localhost http_access allow manager http_access allow ldap_group-admin http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all Regards Yong Joachim JS. Schuster wrote: Hi, Please have a look on the lines below: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 563 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl ldapproxygroup external ldapgroup webaccess http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow ldapproxygroup http_access deny all Regards Joachim -Ursprüngliche Nachricht- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 12. Januar 2005 02:29 An: Joachim JS. Schuster Betreff: Re: [squid-users] authentication problem with squid_ldap_group Hi Joachim, Can you post your acl list and http_access? Maybe we can spot some mistakes from your acl and http_access. Joachim JS. Schuster wrote: Dear squid users, I need help about my authentifaction problem with squid_ldap_group. first i create a entry for squid_ldap_auth. i can login and i have web access and it works fine. auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b dc=mb,dc=local -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -f ((sAMAccountName=%s)(objectClass=Person)) -h 192.168.3.1 acl USERS proxy_auth REQUIRED http_access allow USERS in the next step i create this lines for my ldap group access. external_acl_type ldapgroup concurrency=15 %LOGIN /usr/sbin/squid_ldap_group -P -R -b ou=intern,dc=mb,dc=local -f ((cn=%g)(member=%u)) -F ((sAMAccountName=%s)(objectClass=Person)) -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -h 192.168.3.1 acl ldapproxygroup external ldapgroup webaccess http_access allow ldapproxygroup i can login but i have no webaccess. i see the 407 error access denied in squid conf. when i execute heins:~ # /usr/sbin/squid_ldap_group -P -R -b ou=intern,dc=mb,dc=local -f ((cn=%g)(member=%u)) -F ((sAMAccountName=%s)(objectClass=Person)) -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -h 192.168.3.1 cwm webaccess OK i get ok but the user cwm can´t use the proxy. Thank you for all the help. Best Regards Joachim
AW: [squid-users] authentication problem with squid_ldap_group
Hallo Henrik, I can`t find the discription for -d and for the -S flag in the documentation. Can you tell me how i must use it ? Regards Joachim -Ursprüngliche Nachricht- Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 12. Januar 2005 16:11 An: Oliver Hookins Cc: squid-users@squid-cache.org; Joachim JS. Schuster Betreff: Re: [squid-users] authentication problem with squid_ldap_group On Wed, 12 Jan 2005, Oliver Hookins wrote: The only thing I could suggest is trying the -S parameter anyway. I don't know any really good ways to find out what is happening, unless you can write a test-program to replace squid_ldap_group that logs what options and input were passed to it. It either works or it doesn't! The -d flag to squid_ldap_group makes it more verbose about it's operations. Regards Henrik
AW: AW: [squid-users] authentication problem with squid_ldap_group
Hi Yong, What squid version do you use ? regards Joachim -Ursprüngliche Nachricht- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 13. Januar 2005 01:27 An: Joachim JS. Schuster Betreff: Re: AW: [squid-users] authentication problem with squid_ldap_group Hi Joachim, This is my acl which works. Maybe you can copy exactly mine, especially the order of the http_access part. And see if it works. acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl ldap_group-admin external ldap_group admin http_access allow manager localhost http_access allow manager http_access allow ldap_group-admin http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all Regards Yong Joachim JS. Schuster wrote: Hi, Please have a look on the lines below: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 563 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl ldapproxygroup external ldapgroup webaccess http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow ldapproxygroup http_access deny all Regards Joachim -Ursprüngliche Nachricht- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 12. Januar 2005 02:29 An: Joachim JS. Schuster Betreff: Re: [squid-users] authentication problem with squid_ldap_group Hi Joachim, Can you post your acl list and http_access? Maybe we can spot some mistakes from your acl and http_access. Joachim JS. Schuster wrote: Dear squid users, I need help about my authentifaction problem with squid_ldap_group. first i create a entry for squid_ldap_auth. i can login and i have web access and it works fine. auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b dc=mb,dc=local -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -f ((sAMAccountName=%s)(objectClass=Person)) -h 192.168.3.1 acl USERS proxy_auth REQUIRED http_access allow USERS in the next step i create this lines for my ldap group access. external_acl_type ldapgroup concurrency=15 %LOGIN /usr/sbin/squid_ldap_group -P -R -b ou=intern,dc=mb,dc=local -f ((cn=%g)(member=%u)) -F ((sAMAccountName=%s)(objectClass=Person)) -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -h 192.168.3.1 acl ldapproxygroup external ldapgroup webaccess http_access allow ldapproxygroup i can login but i have no webaccess. i see the 407 error access denied in squid conf. when i execute heins:~ # /usr/sbin/squid_ldap_group -P -R -b ou=intern,dc=mb,dc=local -f ((cn=%g)(member=%u)) -F ((sAMAccountName=%s)(objectClass=Person)) -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -h 192.168.3.1 cwm webaccess OK i get ok but the user cwm can´t use the proxy. Thank you for all the help. Best Regards Joachim
[squid-users] authentication problem with squid_ldap_group
Dear squid users, I need help about my authentifaction problem with squid_ldap_group. first i create a entry for squid_ldap_auth. i can login and i have web access and it works fine. auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b dc=mb,dc=local -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -f ((sAMAccountName=%s)(objectClass=Person)) -h 192.168.3.1 acl USERS proxy_auth REQUIRED http_access allow USERS in the next step i create this lines for my ldap group access. external_acl_type ldapgroup concurrency=15 %LOGIN /usr/sbin/squid_ldap_group -P -R -b ou=intern,dc=mb,dc=local -f ((cn=%g)(member=%u)) -F ((sAMAccountName=%s)(objectClass=Person)) -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -h 192.168.3.1 acl ldapproxygroup external ldapgroup webaccess http_access allow ldapproxygroup i can login but i have no webaccess. i see the 407 error access denied in squid conf. when i execute heins:~ # /usr/sbin/squid_ldap_group -P -R -b ou=intern,dc=mb,dc=local -f ((cn=%g)(member=%u)) -F ((sAMAccountName=%s)(objectClass=Person)) -D cn=squid,cn=users,dc=mb,dc=local -w secret1998 -h 192.168.3.1 cwm webaccess OK i get ok but the user cwm can´t use the proxy. Thank you for all the help. Best Regards Joachim
