RE: [squid-users] Squid LDAP authentication with 2003 AD
Sorry Henrik to be very newbie what is TLS ?? -Mensaje original- De: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Enviado el: Lunes, 04 de Septiembre de 2006 17:56 Para: Alejandro Decchi CC: 'Saqib Khan (horiba/eu)'; squid-users@squid-cache.org Asunto: RE: [squid-users] Squid LDAP authentication with 2003 AD mån 2006-09-04 klockan 08:18 -0300 skrev Alejandro Decchi: Did you follow this step by step ? Because I did that but I could not made that user authenticate by active directory. The page say that we do not need samba.The only package that we need are: Squid and Ldap.I install openldap and the Bekerley Db because the Berkeley is need to install open ldap.When I finished to installed all I did that the page explain step by step, but It did not work You may need to use TLS depending on the settings of your AD security level. Regards Henrik
RE: [squid-users] Squid LDAP authentication with 2003 AD
tis 2006-09-05 klockan 08:34 -0300 skrev Alejandro Decchi: Sorry Henrik to be very newbie what is TLS ?? Encryption. Formerly known as SSL. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid LDAP authentication with 2003 AD
Hi, Please follow the instructions stated in the link below. It's a very easy clear documentation. http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory Best Regards, Saqib |-+---| | Alejandro Decchi| | | [EMAIL PROTECTED] | | | | An| | 01.09.2006 04:43 | squid-use| | | [EMAIL PROTECTED]| | | ache.org,| | | Saqib| | | Khan | | | (horiba/eu| | | )| | | saqib.kha| | | [EMAIL PROTECTED]| | | om | | | Kopie| | | | | | Thema| | | Re: | | | [squid-use| | | rs] Squid | | | LDAP | | | authentica| | | tion with | | | 2003 AD | | | | | | | | | | | | | | | | | | | |-+---| Hi ! my squid friend.Can you explain me how did you do to install everything . A long tome ago i tried but i could not made this method of athentication. Can you give me a hand explain me step by step how this you all I read a lot of article hou to install ldap and squid with active directory but i could not Thz - Original Message - From: Saqib Khan (horiba/eu) [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Friday, September 01, 2006 10:07 AM Subject: [squid-users] Squid LDAP authentication with 2003 AD Hello List members, I am getting problem after authenticating a user over ldap. After getting authenticated I get the following error message: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.de/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. I am sure that it is authenticating the user as if I use a username which is not a member of the group which is meant to be use for internet access, i get the authentication window again again. I also checked it by using a LDAP browser i was able to browse the Active Directory. I am using SuSE 9.1 and squid 2.5 stable. Any Ideas? Best Regards, Saqib
[squid-users] Antwort: Re: [squid-users] Squid LDAP authentication with 2003 AD
Hi, Thanx for the tip. I had to define an additional acl and than it worked. Now the problem is that I would like to allow only members of a specific group to access internet. For this I have the following line in my config file. external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b dc=domain,dc=eu -D cn=test1,cn=Users,dc=domain,dc=eu -w test1 -f ((objectclass=person)(sAMAccountName=%v)(memberof=cn =%a,ou=Users,dc=domain,dc=eu)) -h MyIPAddress Under TAG:ACL acl localnet proxy_auth REQUIRED src xxx.xxx.xxx.xxx/24 acl InetAccess external Internet Testgroup Tag:http_access http_access allow InetAccess This is what i additionaly set up after which the internet was working http_access allow localnet I even defined a denygroup and added a test user but i still can access to internet by using that user. I think somehow the syntax of group authentication is not complete. Best Regards, Saqib |-+---| | Henrik Nordstrom | | | [EMAIL PROTECTED]| | | t| An| | | Saqib Khan (horiba/eu)| | 01.09.2006 16:48 | [EMAIL PROTECTED] | | | Kopie| | | squid-users@squid-cache.org | | | Thema| | | Re: [squid-users] Squid LDAP| | | authentication with 2003 AD | | | | | | | | | | | | | | | | | | | |-+---| On Fri, 2006-09-01 at 15:07 +0200, Saqib Khan (horiba/eu) wrote: Hello List members, I am getting problem after authenticating a user over ldap. After getting authenticated I get the following error message: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.de/ The following error was encountered: Access Denied. Which says that the request was denied your http_access directives (or maybe http_reply_access or miss_access). The authentication as such most likely worked fine. Regards Henrik
RE: [squid-users] Squid LDAP authentication with 2003 AD
Did you follow this step by step ? Because I did that but I could not made that user authenticate by active directory. The page say that we do not need samba.The only package that we need are: Squid and Ldap.I install openldap and the Bekerley Db because the Berkeley is need to install open ldap.When I finished to installed all I did that the page explain step by step, but It did not work I hope if you could do this authentication can give a hand. Thz Alejandro Decchi -Mensaje original- De: Saqib Khan (horiba/eu) [mailto:[EMAIL PROTECTED] Enviado el: Lunes, 04 de Septiembre de 2006 05:08 Para: Alejandro Decchi CC: squid-users@squid-cache.org Asunto: Re: [squid-users] Squid LDAP authentication with 2003 AD Hi, Please follow the instructions stated in the link below. It's a very easy clear documentation. http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithA ctiveDirectory Best Regards, Saqib |-+---| | Alejandro Decchi| | | [EMAIL PROTECTED] | | | | An| | 01.09.2006 04:43 | squid-use| | | [EMAIL PROTECTED]| | | ache.org,| | | Saqib| | | Khan | | | (horiba/eu| | | )| | | saqib.kha| | | [EMAIL PROTECTED]| | | om | | | Kopie| | | | | | Thema| | | Re: | | | [squid-use| | | rs] Squid | | | LDAP | | | authentica| | | tion with | | | 2003 AD | | | | | | | | | | | | | | | | | | | |-+---| Hi ! my squid friend.Can you explain me how did you do to install everything . A long tome ago i tried but i could not made this method of athentication. Can you give me a hand explain me step by step how this you all I read a lot of article hou to install ldap and squid with active directory but i could not Thz - Original Message - From: Saqib Khan (horiba/eu) [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Friday, September 01, 2006 10:07 AM Subject: [squid-users] Squid LDAP authentication with 2003 AD Hello List members, I am getting problem after authenticating a user over ldap. After getting authenticated I get the following error message: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.de/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. I am sure that it is authenticating the user as if I use a username which is not a member of the group which is meant to be use for internet access, i get the authentication window again again. I also checked it by using a LDAP browser i was able to browse the Active Directory. I am using SuSE 9.1 and squid 2.5 stable. Any Ideas? Best Regards, Saqib
[squid-users] Antwort: RE: [squid-users] Squid LDAP authentication with 2003 AD
Please use this command to check if you can read the active directory: ldapsearch -b dc=mydomain,dc=eu -D cn=testuser,cn=Users,dc=mydomain,dc=eu -w testuserpassword sAMAccountName=Testgroup -h ADServerIP -x It must show you the structure of your AD tree. Best Regards, Saqib |-+---| | Alejandro Decchi| | | [EMAIL PROTECTED] | | | | An| | 04.09.2006 01:18 | 'Saqib Khan (horiba/eu)'| | | [EMAIL PROTECTED] | | | Kopie| | | squid-users@squid-cache.org | | | Thema| | | RE: [squid-users] Squid LDAP | | | authentication with 2003 AD | | | | | | | | | | | | | | | | | | | |-+---| Did you follow this step by step ? Because I did that but I could not made that user authenticate by active directory. The page say that we do not need samba.The only package that we need are: Squid and Ldap.I install openldap and the Bekerley Db because the Berkeley is need to install open ldap.When I finished to installed all I did that the page explain step by step, but It did not work I hope if you could do this authentication can give a hand. Thz Alejandro Decchi -Mensaje original- De: Saqib Khan (horiba/eu) [mailto:[EMAIL PROTECTED] Enviado el: Lunes, 04 de Septiembre de 2006 05:08 Para: Alejandro Decchi CC: squid-users@squid-cache.org Asunto: Re: [squid-users] Squid LDAP authentication with 2003 AD Hi, Please follow the instructions stated in the link below. It's a very easy clear documentation. http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithA ctiveDirectory Best Regards, Saqib |-+---| | Alejandro Decchi | | | [EMAIL PROTECTED] | | | | An| | 01.09.2006 04:43 | squid-use| | | [EMAIL PROTECTED]| | | ache.org,| | | Saqib | | | Khan | | | (horiba/eu| | | ) | | | saqib.kha| | | [EMAIL PROTECTED]| | | om | | | Kopie| | | | | | Thema| | | Re: | | | [squid-use| | | rs] Squid | | | LDAP | | | authentica| | | tion with | | | 2003 AD | | | | | | | | | | | | | | | | | | | |-+---| Hi ! my squid friend.Can you explain me how did
RE: [squid-users] Squid LDAP authentication with 2003 AD
mån 2006-09-04 klockan 08:18 -0300 skrev Alejandro Decchi: Did you follow this step by step ? Because I did that but I could not made that user authenticate by active directory. The page say that we do not need samba.The only package that we need are: Squid and Ldap.I install openldap and the Bekerley Db because the Berkeley is need to install open ldap.When I finished to installed all I did that the page explain step by step, but It did not work You may need to use TLS depending on the settings of your AD security level. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Squid LDAP authentication with 2003 AD
Hello List members, I am getting problem after authenticating a user over ldap. After getting authenticated I get the following error message: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.de/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. I am sure that it is authenticating the user as if I use a username which is not a member of the group which is meant to be use for internet access, i get the authentication window again again. I also checked it by using a LDAP browser i was able to browse the Active Directory. I am using SuSE 9.1 and squid 2.5 stable. Any Ideas? Best Regards, Saqib
Re: [squid-users] Squid LDAP authentication with 2003 AD
Hi ! my squid friend.Can you explain me how did you do to install everything . A long tome ago i tried but i could not made this method of athentication. Can you give me a hand explain me step by step how this you all I read a lot of article hou to install ldap and squid with active directory but i could not Thz - Original Message - From: Saqib Khan (horiba/eu) [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Friday, September 01, 2006 10:07 AM Subject: [squid-users] Squid LDAP authentication with 2003 AD Hello List members, I am getting problem after authenticating a user over ldap. After getting authenticated I get the following error message: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.de/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. I am sure that it is authenticating the user as if I use a username which is not a member of the group which is meant to be use for internet access, i get the authentication window again again. I also checked it by using a LDAP browser i was able to browse the Active Directory. I am using SuSE 9.1 and squid 2.5 stable. Any Ideas? Best Regards, Saqib
Re: [squid-users] Squid LDAP authentication with 2003 AD
On Fri, 2006-09-01 at 15:07 +0200, Saqib Khan (horiba/eu) wrote: Hello List members, I am getting problem after authenticating a user over ldap. After getting authenticated I get the following error message: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.de/ The following error was encountered: Access Denied. Which says that the request was denied your http_access directives (or maybe http_reply_access or miss_access). The authentication as such most likely worked fine. Regards Henrik