Re: [squid-users] squid3 two ldap groups

2013-06-11 Thread Amos Jeffries

On 11/06/2013 2:49 a.m., osm...@eti.biocubafarma.cu wrote:

> Hi,
>
> I've successfully made squid authenticate against an AD environment
> but now I would like to use access groups I've defined in the AD
> itself. I have a group called Internet and another called somesites.
> Internet group would have full internet access as its name suggests
> and somesites group would have access to a limited number of sites.
> This is what I have so far in my squid.conf
>
> external_acl_type Group ttl=1 %LOGIN /usr/lib/squid3/squid_ldap_group -d -R -K -b dc=domain,dc=com -D sq...@domain.com -W /etc/squid3/ldappass -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=domain,dc=com)) -h dc1.domain.com
>
> acl password proxy_auth REQUIRED
> acl GroupInternet external Group internet
> acl Groupsomesites external Group somesites
> acl sites dstdomain /etc/squid3/sitesfile
>
> http_access allow sites password Groupsomesites
> http_access allow password GroupInternet
>
> http_access deny all
>
> So far what I've achieved was that squid asks for the first group but
> it does not ask for the second group. At least that's what the cache
> log tells me when I put it in debug level 9.
>
> It asks for user somesites when it validates the first http_access
> but when it goes to the second http_access it doesn't ask for user
> internet, it's like it doesn't know what to do with it.
>
> The version of squid is 3.1.19 by the way.
>
> Please help me with this. I am stuck.


Can you upgrade? The code relating to this has undergone significant 
changes since your version.


Not getting a query at all to the helper does look like a bug. The first 
step is to test the latest release to ensure it has not already been 
resolved in the year or so since your release was published. Any patches 
which you receive from the development team will be built on the current 
supported version (which is 3.3.5 today).


Amos
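
One way to check whether Squid really sends a lookup for each group, as an added example that is not part of the original thread or of Squid itself: a stand-in external ACL helper that logs every request line it receives and answers from a constructed membership table. The names `MEMBERS`, `check` and `serve` and the users `alice` and `bob` are hypothetical; it assumes the usual helper exchange of one `login group ...` line in and `OK` or `ERR` out.

```python
#!/usr/bin/env python3
"""Stand-in external ACL helper that records every lookup Squid sends."""
import sys
from urllib.parse import unquote

# Constructed membership data (assumption): stands in for the LDAP search
# that squid_ldap_group would run against the directory.
MEMBERS = {
    "internet": {"alice"},
    "somesites": {"bob"},
}


def check(line, members=MEMBERS):
    """Answer one request line of the form '<login> <group> [<group> ...]'."""
    # Assumption: fields arrive URL-escaped, so decode each one.
    fields = [unquote(f) for f in line.split()]
    if len(fields) < 2:
        return "ERR"  # malformed request: fail closed
    user, groups = fields[0].lower(), fields[1:]
    # Same contract as a group helper: OK if the user is in any listed group.
    if any(user in members.get(g.lower(), ()) for g in groups):
        return "OK"
    return "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout, log=sys.stderr):
    """Read request lines until EOF, logging each lookup and its verdict."""
    for line in stdin:
        line = line.rstrip("\r\n")
        verdict = check(line)
        # Helper stderr is written to Squid's cache.log.
        log.write(f"lookup {line!r} -> {verdict}\n")
        stdout.write(verdict + "\n")
        stdout.flush()  # Squid waits on every reply, so never buffer output


if __name__ == "__main__":
    serve()
```

Pointed at temporarily from the `external_acl_type Group` line in place of `squid_ldap_group`, it shows in cache.log exactly which user and group pairs Squid asks about, which separates a missing query from a failing LDAP search.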


[squid-users] squid3 two ldap groups

2013-06-10 Thread osmany

Hi,

I've successfully made squid authenticate against an AD environment
but now I would like to use access groups I've defined in the AD
itself. I have a group called Internet and another called somesites.
Internet group would have full internet access as its name suggests
and somesites group would have access to a limited number of sites.
This is what I have so far in my squid.conf


external_acl_type Group ttl=1 %LOGIN /usr/lib/squid3/squid_ldap_group -d -R -K -b dc=domain,dc=com -D sq...@domain.com -W /etc/squid3/ldappass -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=domain,dc=com)) -h dc1.domain.com


acl password proxy_auth REQUIRED
acl GroupInternet external Group internet
acl Groupsomesites external Group somesites
acl sites dstdomain /etc/squid3/sitesfile

http_access allow sites password Groupsomesites
http_access allow password GroupInternet

http_access deny all

So far what I've achieved was that squid asks for the first group but  
it does not ask for the second group. At least that's what the cache  
log tells me when I put it in debug level 9.


It asks for user somesites when it validates the first http_access  
but when it goes to the second http_access it doesn't ask for user  
internet, it's like it doesn't know what to do with it.


The version of squid is 3.1.19 by the way.

Please help me with this. I am stuck.

Thanks in advance,

Osmany

- End of forwarded message -