[squid-users] Antwort: RE: [squid-users] Squid LDAP Group authentication
No, still the same. I can still use any user to access the internet. Here is my conf according to your suggestion:

    external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b dc=test,dc=eu -D cn=test,cn=Users,dc=test,dc=eu -w test -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=Testgroup, ,OU=Testgroup,OU=Users,dc=test,dc=eu)) -h xxx.xxx.xxx.xxx
    acl ldap proxy_auth REQUIRED
    acl Localnet external Internet Testgroup
    http_access allow ldap Localnet Safe_ports

Best Regards,
Saqib

From: Janco van der Merwe [EMAIL PROTECTED]
Date: 06.09.2006 14:19
To: Saqib Khan (horiba/eu) [EMAIL PROTECTED], squid-users [EMAIL PROTECTED]
Subject: RE: [squid-users] Squid LDAP Group authentication

Under the "TAG: auth_param" section enter the following:

    auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b dc=dunns,dc=co,dc=za -D cn=ldapreader,cn=users,dc=mydomain,dc=com -w ldappassword -f sAMAccountName=%s -h xxx.xxx.xxx.xxx

Under the "TAG: external_acl_type" section enter the following:

    external_acl_type internetusergroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b dc=mydomain,dc=com -D cn=ldapreader,cn=Users,dc=mydomain,dc=com -w ldappassword -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=internetusers, ,OU=xxx Groups,OU=xxx,dc=mydomain,dc=com)) -h xxx.xxx.xxx.xxx
    acl ldappassword proxy_auth REQUIRED
    acl internetgroup external internetusergroup internetusers
    http_access allow ldappassword internetgroup Safe_ports

This works.

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Saqib Khan (horiba/eu) [mailto:[EMAIL PROTECTED]
Sent: 06 September, 2006 13:47
To: squid-users@squid-cache.org
Subject: [squid-users] Squid LDAP Group authentication

Dear all,

I am having some configuration problems with squid_ldap_group authentication. I created a test group, namely Testgroup, in AD containing a test user. But if I use a user which is not a member of that group, I can still access the internet. Here is my squid configuration:

Tag:external_ACL

    external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b dc=test,dc=com -D cn=test,cn=Users,dc=horiba,dc=eu -w test1 -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Testgroup,cn=Users,dc=test,dc=com)) -h xxx.xxx.xxx.xxx

Tag:ACL

    acl Localnet external Internet Testgroup

Tag:http_access

    http_access allow Localnet

Best Regards,
Saqib
Re: [squid-users] Squid LDAP authentication with 2003 AD
Hi,

Please follow the instructions stated in the link below. It's very easy, clear documentation.

http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

Best Regards,
Saqib

From: Alejandro Decchi [EMAIL PROTECTED]
Date: 01.09.2006 04:43
To: squid-users [EMAIL PROTECTED], Saqib Khan (horiba/eu) [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid LDAP authentication with 2003 AD

Hi, my squid friend! Can you explain to me how you installed everything? A long time ago I tried, but I could not make this method of authentication work. Can you give me a hand and explain to me step by step how you did this all? I read a lot of articles on how to install LDAP and Squid with Active Directory, but I could not.

Thx

----- Original Message -----
From: Saqib Khan (horiba/eu) [EMAIL PROTECTED]
To: squid-users@squid-cache.org
Sent: Friday, September 01, 2006 10:07 AM
Subject: [squid-users] Squid LDAP authentication with 2003 AD

Hello List members,

I am getting a problem after authenticating a user over LDAP. After getting authenticated I get the following error message:

    ERROR
    The requested URL could not be retrieved

    While trying to retrieve the URL: http://www.google.de/

    The following error was encountered:

    Access Denied.

    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

I am sure that it is authenticating the user, as when I use a username which is not a member of the group which is meant to be used for internet access, I get the authentication window again and again. I also checked it by using an LDAP browser; I was able to browse the Active Directory. I am using SuSE 9.1 and squid 2.5 stable.

Any ideas?

Best Regards,
Saqib
[squid-users] Antwort: Re: [squid-users] Squid LDAP authentication with 2003 AD
Hi,

Thanks for the tip. I had to define an additional acl and then it worked. Now the problem is that I would like to allow only members of a specific group to access the internet. For this I have the following line in my config file:

    external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b dc=domain,dc=eu -D cn=test1,cn=Users,dc=domain,dc=eu -w test1 -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Users,dc=domain,dc=eu)) -h MyIPAddress

Under TAG:ACL

    acl localnet proxy_auth REQUIRED src xxx.xxx.xxx.xxx/24
    acl InetAccess external Internet Testgroup

Tag:http_access

    http_access allow InetAccess

This is what I additionally set up, after which the internet was working:

    http_access allow localnet

I even defined a denygroup and added a test user, but I can still access the internet by using that user. I think somehow the syntax of group authentication is not complete.

Best Regards,
Saqib

From: Henrik Nordstrom [EMAIL PROTECTED]
Date: 01.09.2006 16:48
To: Saqib Khan (horiba/eu) [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid LDAP authentication with 2003 AD

On Fri, 2006-09-01 at 15:07 +0200, Saqib Khan (horiba/eu) wrote:

> Hello List members,
>
> I am getting a problem after authenticating a user over LDAP. After getting authenticated I get the following error message:
>
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://www.google.de/
>
> The following error was encountered:
>
> Access Denied.

Which says that the request was denied by your http_access directives (or maybe http_reply_access or miss_access). The authentication as such most likely worked fine.

Regards
Henrik
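Added example (not part of the original thread, and not Squid's own code): a small Python model of how Squid walks http_access lines, showing why the extra "http_access allow localnet" line in the message above lets any authenticated user through regardless of group. The user names alice and bob, the stand-ins for the ACLs, and the "group only" rule set are constructed for illustration.

```python
# Added example: a small model of http_access evaluation, not Squid source code.
# Constructed sample data: alice is in Testgroup, bob authenticates but is in no group.
MEMBERS = {"Testgroup": {"alice"}}

ACLS = {
    # acl localnet proxy_auth REQUIRED  (assumed: true for any authenticated user)
    "localnet": lambda user: user is not None,
    # acl InetAccess external Internet Testgroup  (true only for group members)
    "InetAccess": lambda user: user in MEMBERS["Testgroup"],
    "all": lambda user: True,
}

def acl_matches(name, user):
    """Evaluate one ACL name; a leading '!' negates it, as in squid.conf."""
    if name.startswith("!"):
        return not ACLS[name[1:]](user)
    return ACLS[name](user)

def parse(conf):
    """Turn 'http_access allow a b' lines into (action, [acl, ...]) tuples."""
    rules = []
    for line in conf.strip().splitlines():
        words = line.split()
        if words and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return rules

def http_access(rules, user):
    """First matching line wins; every ACL on a line must match (logical AND)."""
    if not rules:
        raise ValueError("this model expects at least one http_access line")
    for action, names in rules:
        if all(acl_matches(n, user) for n in names):
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Rule order as described in the message above.
AS_POSTED = parse("http_access allow InetAccess\nhttp_access allow localnet")
# Group-restricted variant: authentication AND membership on the same line.
GROUP_ONLY = parse("http_access allow localnet InetAccess\nhttp_access deny all")

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("group only", GROUP_ONLY)):
        for user in ("alice", "bob"):
            print(f"{label:10} {user:5} -> {http_access(rules, user)}")
```

With the rules as posted, bob falls through the group line and is allowed by the authentication-only line; with both ACLs on one allow line followed by "deny all", only the group member gets through.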
[squid-users] Antwort: RE: [squid-users] Squid LDAP authentication with 2003 AD
Please use this command to check if you can read the Active Directory:

    ldapsearch -b dc=mydomain,dc=eu -D cn=testuser,cn=Users,dc=mydomain,dc=eu -w testuserpassword sAMAccountName=Testgroup -h ADServerIP -x

It must show you the structure of your AD tree.

Best Regards,
Saqib

From: Alejandro Decchi [EMAIL PROTECTED]
Date: 04.09.2006 01:18
To: 'Saqib Khan (horiba/eu)' [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid LDAP authentication with 2003 AD

Did you follow this step by step? Because I did that, but I could not make that user authenticate by Active Directory. The page says that we do not need Samba. The only packages that we need are Squid and LDAP. I installed OpenLDAP and the Berkeley DB, because the Berkeley DB is needed to install OpenLDAP. When I finished installing everything, I did what the page explains step by step, but it did not work. I hope that, if you could do this authentication, you can give me a hand.

Thx
Alejandro Decchi

-----Original Message-----
From: Saqib Khan (horiba/eu) [mailto:[EMAIL PROTECTED]
Sent: Monday, 04 September 2006 05:08
To: Alejandro Decchi
CC: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid LDAP authentication with 2003 AD

Hi,

Please follow the instructions stated in the link below. It's very easy, clear documentation.

http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

Best Regards,
Saqib

From: Alejandro Decchi [EMAIL PROTECTED]
Date: 01.09.2006 04:43
To: squid-users [EMAIL PROTECTED], Saqib Khan (horiba/eu) [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid LDAP authentication with 2003 AD

Hi, my squid friend! Can you explain me how did
[squid-users] Squid LDAP authentication with 2003 AD
Hello List members,

I am getting a problem after authenticating a user over LDAP. After getting authenticated I get the following error message:

    ERROR
    The requested URL could not be retrieved

    While trying to retrieve the URL: http://www.google.de/

    The following error was encountered:

    Access Denied.

    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

I am sure that it is authenticating the user, as when I use a username which is not a member of the group which is meant to be used for internet access, I get the authentication window again and again. I also checked it by using an LDAP browser; I was able to browse the Active Directory. I am using SuSE 9.1 and squid 2.5 stable.

Any ideas?

Best Regards,
Saqib