Re: [squid-users] LDAP authentication from android and iphones

Wed, 29 May 2019 00:04:57 -0700 

Hai, 
 
You are probely missing in you smb.conf: 
 
ntlm auth = yes 
 
 
Greetz, 
 
Louis
 

Van: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Namens 
Ilias Clifton
Verzonden: woensdag 29 mei 2019 6:42
Aan: squid-users@lists.squid-cache.org
Onderwerp: [squid-users] LDAP authentication from android and iphones



Hi All,
 
I have Squid 3.5.27 running on Ubuntu 18.04.2, and have been unsuccesfull in 
being able to authenticate users via ldap (kerberos is working well)
 
Currently it's iphone and android users that are having the issue - all other 
users are authenticating via kerberos.
 
In squid.conf, I have:
auth_param basic program /usr/lib/squid/basic_ldap_auth -d -R -b 
"OU=users,DC=domain,DC=com" -D sq...@domain.com -W /etc/squid/ldappass.txt -f 
sAMAccountName=%s -h dc.domain.com
 
When a user attempts to browse via the proxy, I see in access.log:
 
1559096820.116      0 10.99.88.77 TCP_DENIED/407 2248 GET http://www.google.com 
- HIER_NONE/- text/html
 
And the user is prompted for a username and password..
 
I then see in cache.log:
 
basic_ldap_auth.cc(691): pid=32625 :user filter 'sAMAccountName=username', 
searchbase 'OU=users,DC=domain,DC=com'
basic_ldap_auth.cc(746): pid=32625 :attempting to authenticate user 'CN=Users 
Fullname,OU=users,DC=domain,DC=com'
 
But the user just keeps getting prompted for username and password over and 
over, and I continue to see:
 
1559096820.116      0 10.99.88.77 TCP_DENIED/407 2248 GET http://www.google.com 
- HIER_NONE/- text/html
 
 
If I run the following on the command line, it appears to authenticate 
correctly:
 
/usr/lib/squid/basic_ldap_auth -d -R -b "OU=users,DC=domain,DC=com" -D 
sq...@domain.com -W /etc/squid/ldappass.txt -f sAMAccountName=%s -h 
dc.domain.com
username password
 
basic_ldap_auth.cc(691): pid=32625 :user filter 'sAMAccountName=username', 
searchbase 'OU=users,DC=domain,DC=com'
basic_ldap_auth.cc(746): pid=32625 :attempting to authenticate user 'CN=Users 
Fullname,OU=users,DC=domain,DC=com'
OK
 
 
What else can I do for troubleshooting?
 
 


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to