Dear Pluggers,
We're currently evaluating Squid 2.5 and ISA 2004.
However, we can't make Squid 2.5 (on Fedora 3) authenticate to Windows
2003 Active Directory using squid_ldap_auth. We've followed
several internet how-tos but can't get past the logon screen.
We're attaching the squid.conf for you to see if we missed
anything. Thanks in advance.
########################################################################
# Squid port is 3128; change it if you like
http_port 8080
visible_hostname cache.kfmc.med
# disable icp
icp_port 0
# the WebCleaner parent proxy
# Remember to configure WebCleaner to run on port 8080 or change the
# port number below
#cache_peer 127.0.0.1 parent 8080 0 no-query no-digest
cache_peer proxy.alharbitelecom.com parent 8080 0 no-query default
# if you enabled a WebCleaner user and password use this instead:
#cache_peer proxy.alharbitelecom.com parent 8080 0 no-query
no-digest login=myuser:mypassword
# some acls
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# proxy authentication examples; if you use one of these, also enable the
# "myauth" acl below
# note: used paths are for a Debian Linux system, adjust as needed
#Squid LDAP Authentication
auth_param basic program /usr/lib/squid/squid_ldap_auth -R
-b "dc=kfmc,dc=med"
-D "cn=lbenitez,cn=Users,dc=kfmc,dc=med"
-w "password" -f sAMAccountName=%s -h 10.20.4.20
auth_param basic children 5
auth_param basic realm KFMC.MED
auth_param basic credentialsttl 6 minutes
#Configuring Group Based Internet Access
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
-b "dc=kfmc,dc=med"
-D "cn=lbenitez,cn=Users,dc=kfmc,dc=med"
-w "password" -f "((&objectclass=person) (sAMAccountName=%v)
(memberoff=cn=%a,ou=Users,dc=kfmc,dc=med)) -h 10.20.4.21
acl localnet proxy_auth REQUIRED src 10.20.0.0/16
acl InetAccess external InetGroup kfmc
http_access allow localnet InetAccess
# Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 10.20.0.0/16
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
#acl CONNECT method CONNECT
#acl FTP proto FTP
# Only allow cachemgr access from localhost
http_access allow all manager localhost
# Only allow purge requests from localhost
http_access allow purge
# localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# my own rules
http_access allow all localhost localnet
# And finally deny all other access to this proxy
http_access deny all
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
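
Added example, not part of the original post or of Squid: a strict RFC 4515 syntax check for the search filter passed with -f to squid_ldap_group, run on the filter from the posted configuration and on a restructured form. The function names, the two sample strings and the caller-supplied attribute list are assumptions for illustration; extensible-match filters are not handled.

```python
import re

_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # attribute name (simplified)
_OP = re.compile(r"~=|>=|<=|=")                # match operators

class FilterError(ValueError):
    """Raised when the text is not a well-formed search filter."""

def _parse(s, i, attrs):
    """Parse one '(...)' component starting at s[i]; return the next offset."""
    if s[i:i + 1] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, n = s[i], 0
        i += 1
        while s[i:i + 1] == "(":              # operands follow with no separator
            i, n = _parse(s, i, attrs), n + 1
        if n == 0 or (op == "!" and n != 1):
            raise FilterError(f"operator {op!r} has {n} operand(s), offset {i}")
    else:
        name = _ATTR.match(s, i)
        oper = _OP.match(s, name.end()) if name else None
        if not oper:
            raise FilterError(f"expected attribute and operator at offset {i}")
        attrs.append(name.group(0))
        i = oper.end()
        while i < len(s) and s[i] not in "()":  # value runs to the closing ')'
            i += 1
    if s[i:i + 1] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1

def filter_attrs(text):
    """Return the attribute names used; raise FilterError if malformed."""
    attrs = []
    if _parse(text, 0, attrs) != len(text):
        raise FilterError("unexpected text after the filter")
    return attrs

def unexpected_attrs(text, expected):
    """Attributes in the filter that are not in the caller's expected list."""
    known = {a.lower() for a in expected}
    return [a for a in filter_attrs(text) if a.lower() not in known]

# Constructed inputs: the -f filter as posted (its two lines joined with a
# space) and a restructured form using the Active Directory attribute memberOf.
POSTED = "((&objectclass=person) (sAMAccountName=%v) (memberoff=cn=%a,ou=Users,dc=kfmc,dc=med))"
FIXED = "(&(objectclass=person)(sAMAccountName=%v)(memberOf=cn=%a,ou=Users,dc=kfmc,dc=med))"
```

A clean parse only rules out structural errors and misspelled attribute names; it says nothing about whether the bind DN, base DN or group entry exist in the directory.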