Dear Community,
I successfully set up a LDAP authentication between squid and a windows 2008
server domain controller. The following problem exists:
# Users are able to use http and https. When they are not explicitly enter
https://url the http protocol will be used
# Because the auth is
Ach! It should come as no surprise that Mr. Nordstrom is
absolutely correct in all regards. My echo shell built-in doesn't
support the -n. If you also have this problem, try using printf,
eg.
# printf username:realm:password | md5sum | cut -d\ -f1
to generate the hashed password.
I found that the method below did not work, actually. I still
have not figured out just how Apache's htdigest is joining the
several inputs to create the md5 hash, but it isn't
user:realm:password | md5sum.
I finally got digest auth to work by doing the following (the
-c creates the
On mån, 2008-06-02 at 10:10 -0400, Chris Riggins wrote:
I found that the method below did not work, actually. I still
have not figured out just how Apache's htdigest is joining the
several inputs to create the md5 hash, but it isn't
user:realm:password | md5sum.
It is the same. Try again..
Sorry, it never matches when I do it. eg.
(0)[slash]/opt/home/p36wk $ echo -n p36wk:Realm:passw0rd | md5sum
3acaf7548c911426be232de30c802233 -
$ /opt/apache/bin/htdigest -c passwd.htdigest p36wk Realm
Adding password for Realm in realm p36wk.
New password: [passw0rd]
Re-type new password:
On mån, 2008-06-02 at 15:19 -0400, Chris Riggins wrote:
Sorry, it never matches when I do it. eg.
(0)[slash]/opt/home/p36wk $ echo -n p36wk:Realm:passw0rd | md5sum
3acaf7548c911426be232de30c802233 -
$ echo -n p36wk:Realm:passw0rd | md5sum
336326719e5c087aa1016fe5a3c871d4 -
$
Can someone point me to how to encode the passwords using the helper?
On Sat, May 31, 2008 at 4:12 PM, Henrik Nordstrom
[EMAIL PROTECTED] wrote:
On fre, 2008-05-30 at 09:50 -0400, Chris Riggins wrote:
No, it is possible to use digest authentication to avoid
cleartext passwords. The squid wiki
On sön, 2008-06-01 at 13:23 -0700, Lawrence Anthony wrote:
Can someone point me to how to encode the passwords using the helper?
Here is one:
echo -n user:realm:password | md5sum
Using Apache htdigest is another..
Regards
Henrik
signature.asc
Description: This is a digitally signed message
On fre, 2008-05-30 at 09:50 -0400, Chris Riggins wrote:
No, it is possible to use digest authentication to avoid
cleartext passwords. The squid wiki link Henrik sent out is a good
start, but it leaves out one critical piece: how to encode the
passwords! In either LDAP or a flat-file, I
http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication
On tor, 2008-05-29 at 20:42 -0700, Squidly wrote:
Is there a good guide detailing how to set this digest up with openLdap?
On Thu, May 29, 2008 at 4:40 PM, Henrik Nordstrom
[EMAIL PROTECTED] wrote:
On tor, 2008-05-29
On fre, 2008-05-30 at 09:33 +0530, Indunil Jayasooriya wrote:
Hi,
Is there a good guide detailing how to set this digest up with openLdap?
http://yajith.blogspot.com/2007/12/squid-ldap-and-active-directory.html
Thats ntlm, not digest.
Regards
Henrik
signature.asc
Description: This is
Is running samba the only way for squid not to use clear text passwords?
On Fri, May 30, 2008 at 2:41 AM, Henrik Nordstrom
[EMAIL PROTECTED] wrote:
http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication
On tor, 2008-05-29 at 20:42 -0700, Squidly wrote:
Is there a good guide
The use of Samba in that article is just to get a clean integration of
using the same password on the desktop and for browsing. It's purely
optional.
Regards
Henrik
On fre, 2008-05-30 at 06:13 -0700, Squidly wrote:
Is running samba the only way for squid not to use clear text passwords?
On
Squidly wrote:
Is running samba the only way for squid not to use clear text passwords?
On Fri, May 30, 2008 at 2:41 AM, Henrik Nordstrom
[EMAIL PROTECTED] wrote:
http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication
On tor, 2008-05-29 at 20:42 -0700, Squidly wrote:
No, it is possible to use digest authentication to avoid
cleartext passwords. The squid wiki link Henrik sent out is a good
start, but it leaves out one critical piece: how to encode the
passwords! In either LDAP or a flat-file, I found only one site
online with instructions, and they were
Chris Riggins wrote:
No, it is possible to use digest authentication to avoid
cleartext passwords. The squid wiki link Henrik sent out is a good
start, but it leaves out one critical piece: how to encode the
passwords! In either LDAP or a flat-file, I found only one site
online with
I am hoping there is a way to encrypt user name and password as they
are are passed from the browser to my debian squid box. I have looked
around the web and just keep getting more confused. I found some
reference to digest_ldap_auth but that does not exist in my lib and
seems to be for windowz.
On tor, 2008-05-29 at 16:21 -0700, Squidly wrote:
I am hoping there is a way to encrypt user name and password as they
are are passed from the browser to my debian squid box. I have looked
around the web and just keep getting more confused. I found some
reference to digest_ldap_auth but that
Is there a good guide detailing how to set this digest up with openLdap?
On Thu, May 29, 2008 at 4:40 PM, Henrik Nordstrom
[EMAIL PROTECTED] wrote:
On tor, 2008-05-29 at 16:21 -0700, Squidly wrote:
I am hoping there is a way to encrypt user name and password as they
are are passed from the
Hi,
Is there a good guide detailing how to set this digest up with openLdap?
http://yajith.blogspot.com/2007/12/squid-ldap-and-active-directory.html
--
Thank you
Indunil Jayasooriya
Hello,
I have a problem about ldap_auth on squid (Version 2.6.STABLE7) on
Linux RedHat ES 4.
When I start the helper, I obtain an error:
/usr/lib/squid/ldap_auth: error while loading shared libraries:
libldap_r.so.2: cannot open shared object file: No such file or
directory
I see that this
On Thu, 2006-08-03 at 19:51 -0300, squid wrote:
squid version it came from written in it. This is the proxy that works.
The proxy that does not work is a 2.6STABLE2 , running ldap_auth. It gives
me a dns error, but not the proxy one. The default DNS error page from the
browser i am using,
Para: squid
Cc: squid-users@squid-cache.org
Assunto: Re: RES: [squid-users] LDAP_auth
On Thu, 2006-08-03 at 19:51 -0300, squid wrote:
squid version it came from written in it. This is the proxy that works.
The proxy that does not work is a 2.6STABLE2 , running ldap_auth. It
gives me a dns error
Hello,
Unfortunatly i have to call for aid. Ive read every mail discussion thread
available on google.com about using squid with LDAP authentication.
I did have configured my ldap_auth module correctly and it gives me the
following responses when run from command line .
tor 2006-08-03 klockan 19:02 -0300 skrev squid:
·When given and existing account name and correct password the
helper answers an OK in a new line
·When given unexisting account name, the helper answers an ERR in a
new line
·When given existing account name and incorrect
: [squid-users] LDAP_auth
tor 2006-08-03 klockan 19:02 -0300 skrev squid:
.When given and existing account name and correct password the
helper
answers an OK in a new line
.When given unexisting account name, the helper answers an ERR in a
new line
.When given existing
I’m setting up ldap authentication :
My Ldap Config in squid.conf:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
o=Organization -h ldapserv -D cn=username,o=Organization -w password -
f ((objectclass=person)(cn=%s))
auth_param basic children 50
auth_param basic realm Web-Proxy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 21, 2005 11:03 AM
To: squid-users@squid-cache.org
Subject: [squid-users] ldap_auth - https error
I'm setting up ldap authentication :
--SNIP--
If I type in an http site http
Thank you
That fixed it,
client_persistent_connections off
(squid-2.5.STABLE3-6.3E.14)
-Original Message-
From: Chris Robertson [mailto:[EMAIL PROTECTED]
Sent: Monday, November 21, 2005 6:52 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] ldap_auth - https error
Hello,
I'm still using Squid 2.5 Stable3 under Fedora Core 1.
(I will change it in about three months ;-)
I'm using the LDAP_AUTH helper, but after each html-
element (eg after each picture), I have to reauthenticate
in my Browser. (IE6, Mozilla Firefox)
Now I want to know, if I made a mistake
On Wed, Jul 27, 2005 at 11:00:14AM +0200, Peter Schulz-Kraus wrote:
Hello,
I'm still using Squid 2.5 Stable3 under Fedora Core 1.
(I will change it in about three months ;-)
I'm using the LDAP_AUTH helper, but after each html-
element (eg after each picture), I have to reauthenticate
in my
Joshua Goodall wrote:
cache_peer cache001.xxx.de parent 8080 0 no-query login=PASS
^^^
Are you sure this peer isn't the culprit here, since you're forwarding
the proxy authentication credentials? (do you need to do that?)
Hello,
yes, this is needed. This cache is from our data center
and
On Wed, 13 Oct 2004, Digitalfx wrote:
Im getting this squid cache log error while trying to validate squid users
using slapd
squid_ldap_auth: WARNING, could not bind to binddn 'Protocol error'
Can you bind to the DN using ldapsearch?
ldapsearch -b dc=mydomain,dc=com -D
with no password) disallowed
slapd ver is 2.1.30-2
- Original Message -
From: Henrik Nordstrom [EMAIL PROTECTED]
To: Digitalfx [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 5:14 AM
Subject: Re: [squid-users] ldap_auth protocol error Msg
On Wed, 13 Oct 2004
On Thu, 14 Oct 2004, digitalfx wrote:
yes i can, using ldapsearch with -x option (simple authentication)
ldapsearch -x -b dc=mydomain,dc=com -D cn=admin,dc=mydomain,dc=com -w
pass -h 192.168.2.107 uid=a_login_name
otherwise i get this bind msg: Server is unwilling to perform (53)
additional info:
]
Subject: Re: [squid-users] ldap_auth protocol error Msg
Sent: Thursday, October 14, 2004 4:22:44 PM
- Original Message -
From: Henrik Nordstrom [EMAIL PROTECTED]
To: Digitalfx [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 5:14 AM
Subject: Re: [squid-users] ldap_auth
Im getting this squid cache log error while trying to validate squid
users using slapd
squid_ldap_auth: WARNING, could not bind to binddn 'Protocol error'
Script: /usr/lib/squid/autenticacion_ldap
#!/bin/bash
/usr/lib/squid/ldap_auth -R -b dc=mydomain,dc=com -D
cn=admin,dc=mydomain,dc=com -w
I am trying to configure LDAP_AUTH for clients on a netware network. I can
get the login prompt to come up but I get the below error when logging in:
Am I missing something in this config?
The following error was encountered:
* Cache Access Denied.
Sorry, you are not currently allowed to request:
On Tue, 2 Mar 2004, none none wrote:
Is anyone able to help me with a real example of squid_ldap_auth.exe if my Active
directory looks like this:
The example in the manual for squid_ldap_auth is a real one for Active
Directory:
If you want to search for the user DN and your
Is anyone able to help me with a real example of squid_ldap_auth.exe if my Active
directory looks like this:
domain.com
-Builtin
-Computers
...
-Group1
-Computers
-Folders
-Groups
-Users
-Someone LastName
Hi,
I want to authenticate users in a group (MS AD) for internet access.
Must i have the squid_ldap_auth _and_ squid_ldap_group configured in
squid.conf to accomplish my goal ?
So far i have enabled the external_ldap_group.
Why isn't the \usr\local\squid\libexec\squid_ldap_group executable
On Wed, 10 Dec 2003, Geir Fossum wrote:
I want to authenticate users in a group (MS AD) for internet access.
Must i have the squid_ldap_auth _and_ squid_ldap_group configured in
squid.conf to accomplish my goal ?
Yes. The first authenticates the user by verifying his password.
The
Hey, I have a problem wirth the ldap_auth
We have two locations build up in the ldap tree
ou=People,dc=location1,dc=firm,dc=de
and
ou=People,dc=location2,dc=firm,dc=de
To authenticate ONE location it is easy..
/usr/sbin/squid_ldap_auth -b ou=People,dc=location1,dc=firm,dc=de -s sub
-h
Here is an example what I have done [squid 2.5Stable3] - I have 3 sub domains to
search.
/usr/local/squid/libexec/squid_ldap_auth -b o=tld -f((cn=%s)(objectclass=person)) -s
sub ...
Tim Bernhardson
Senior Technical Engineer
Certified Citrix Metaframe Administrator
Certified CyberGuard
On Thu, 4 Dec 2003, Maurer Roland MKG-Bank wrote:
To authenticate ONE location it is easy..
/usr/sbin/squid_ldap_auth -b ou=People,dc=location1,dc=firm,dc=de -s sub
-h 192.168.1.152 -u uid
This is LDAP search works. But I can't authenticate anyone from location2.
This is not a search at
I have a new squid-2.4.STABLE6-6.7.3 installation. I would like for my users
to authenticate against NDS using LDAP. The squid_ldap_auth program works
correctly from the command line:
/usr/lib/squid/squid_ldap_auth -b ou=blah,ou=blah,o=blah -u cn xx.xx.xx.xx
username password
OK
I added the
Hi,
today I wanted to install the authentication with squid_ldapauth.
(Transparent proxy is off)
squid.conf:
...
acl password proxy_auth REQUIRED
...
authenticate_program /usr/sbin/squid_ldapauth
...
http_access allow password
...
I got an user 'xyz' with password 'secure'.
A test localy
What Squid version?
On Wednesday 26 February 2003 22.34, Dieter Kroemer wrote:
Hi,
today I wanted to install the authentication with squid_ldapauth.
(Transparent proxy is off)
squid.conf:
...
acl password proxy_auth REQUIRED
...
authenticate_program /usr/sbin/squid_ldapauth
...
48 matches
Mail list logo