Hi Yong, I mean i found the error. i installed a squid 2.5.Stable6 Version and it yust works. The squid version 2.5.Stable7 dont`t work. The squid_ldap_group file from stbale 2.7 is bigger. here is a diffrent. Or is this a compiling problem. I compile with ./configure --prefix=/usr/local/squid . Is this correct ?
Regard Joachim -----Urspr�ngliche Nachricht----- Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 13. Januar 2005 08:00 An: Joachim JS. Schuster Betreff: Re: AW: AW: [squid-users] authentication problem with squid_ldap_group Hi Joachim, I am using squid-2.5.STABLE5-2, comes with FC2. Actually for your case, is it when you do it from command prompt, its ok but from browser it cannot pass through? I had a case before when I got OK from terminal but on browser it cannot go through. It just kept reprompting for username and password from the browser. Then I changed the %u -> %v and %g -> %a and worked. regards Yong Joachim JS. Schuster wrote: >Hi Yong, >What squid version do you use ? > >regards > >Joachim > > >-----Urspr�ngliche Nachricht----- >Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] >Gesendet: Donnerstag, 13. Januar 2005 01:27 >An: Joachim JS. Schuster >Betreff: Re: AW: [squid-users] authentication problem with squid_ldap_group > > >Hi Joachim, > > This is my acl which works. Maybe you can copy exactly mine, >especially the order of the http_access part. And see if it works. > >acl all src 0.0.0.0/0.0.0.0 >acl manager proto cache_object >acl localhost src 127.0.0.1/255.255.255.255 >acl to_localhost dst 127.0.0.0/8 >acl SSL_ports port 443 563 >acl Safe_ports port 80 # http >acl Safe_ports port 21 # ftp >acl Safe_ports port 443 563 # https, snews >acl Safe_ports port 70 # gopher >acl Safe_ports port 210 # wais >acl Safe_ports port 1025-65535 # unregistered ports >acl Safe_ports port 280 # http-mgmt >acl Safe_ports port 488 # gss-http >acl Safe_ports port 591 # filemaker >acl Safe_ports port 777 # multiling http >acl CONNECT method CONNECT >acl ldap_group-admin external ldap_group admin > > > >http_access allow manager localhost >http_access allow manager >http_access allow ldap_group-admin >http_access deny !Safe_ports >http_access deny CONNECT !SSL_ports >http_access allow localhost >http_access deny all > >Regards >Yong > > >Joachim JS. Schuster wrote: > > > >>Hi, >>Please have a look on the lines below: >> >> >>acl all src 0.0.0.0/0.0.0.0 >>acl manager proto cache_object >>acl localhost src 127.0.0.1/255.255.255.255 >>acl to_localhost dst 127.0.0.0/8 >>acl SSL_ports port 443 563 >>acl Safe_ports port 80 >>acl Safe_ports port 21 >>acl Safe_ports port 443 563 >>acl Safe_ports port 70 >>acl Safe_ports port 210 >>acl Safe_ports port 1025-65535 >>acl Safe_ports port 280 >>acl Safe_ports port 488 >>acl Safe_ports port 591 >>acl Safe_ports port 777 >>acl CONNECT method CONNECT >>acl ldapproxygroup external ldapgroup webaccess >> >>http_access allow manager localhost >>http_access deny manager >>http_access deny !Safe_ports >>http_access deny CONNECT !SSL_ports >>http_access allow ldapproxygroup >>http_access deny all >> >>Regards >> >>Joachim >> >> >>-----Urspr�ngliche Nachricht----- >>Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] >>Gesendet: Mittwoch, 12. Januar 2005 02:29 >>An: Joachim JS. Schuster >>Betreff: Re: [squid-users] authentication problem with >>squid_ldap_group >> >> >>Hi Joachim, >> >> Can you post your acl list and http_access? >>Maybe we can spot some mistakes from your acl and http_access. >> >> >> >>Joachim JS. Schuster wrote: >> >> >> >> >> >>>Dear squid users, >>>I need help about my authentifaction problem with squid_ldap_group. >>> >>>first i create a entry for squid_ldap_auth. i can login and i have >>>web access and it works fine. >>> >>>auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b >>>"dc=mb,dc=local" -D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 >>>-f "(&(sAMAccountName=%s)(objectClass=Person))" -h 192.168.3.1 acl >>>USERS proxy_auth REQUIRED >>> >>>http_access allow USERS >>> >>>in the next step i create this lines for my ldap group access. >>> >>>external_acl_type ldapgroup concurrency=15 %LOGIN >>>/usr/sbin/squid_ldap_group -P -R -b "ou=intern,dc=mb,dc=local" -f >>>"(&(cn=%g)(member=%u))" -F >>>"(&(sAMAccountName=%s)(objectClass=Person))" >>>-D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1 >>> >>>acl ldapproxygroup external ldapgroup webaccess >>> >>>http_access allow ldapproxygroup >>> >>>i can login but i have no webaccess. i see the 407 error access >>>denied in squid conf. >>> >>>when i execute >>> >>>heins:~ # /usr/sbin/squid_ldap_group -P -R -b >>>"ou=intern,dc=mb,dc=local" -f "(&(cn=%g)(member=%u))" -F >>>"(&(sAMAccountName=%s)(objectClass=Person))" -D >>>"cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1 cwm >>>webaccess OK >>> >>>i get ok but the user cwm can�t use the proxy. >>> >>>Thank you for all the help. >>> >>>Best Regards >>> >>>Joachim >>> >>> >>> >>> >>> >>> >>> >>> >> >> >> >> >> > > > > >
