Dear Squid Users

I have some problems configuring authentication of LDAP users. The idea behind my configuration is that only users in an existing LDAP group will be authenticated successfully.
In this example it's my own user with the login ID phom. What's wrong in my config? The user will not be authenticated.

Squid access.log:

    1046945867.315 287 10.1.15.238 TCP_DENIED/407 1805

My LDAP Group:

    # Security-Group, security, nextiraone, ch
    dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
    objectClass: groupOfNames
    objectClass: groupOfUniqueNames
    cn: Security-Group
    member: cn=FW1-Template,o=nextiraone,c=ch
    member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
    uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch

My User:

    # Homberger Peter, security, nextiraone, ch
    dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
    objectClass: person
    objectClass: uidObject
    objectClass: organizationalPerson
    cn: Homberger Peter
    sn: Homberger
    uid: phom
    userPassword: **********

My squid.conf:

    auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u uid -b ou=security,o=nextiraone,c=ch
    auth_param basic children 5
    auth_param basic realm "Authentication for Internet Access is required! Please note that all traffic should me monitored for statistic purposes!"
    auth_param basic credentialsttl 2 hours
    external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b "ou=security,o=nextiraone,c=ch" -f '(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))'
    acl group_Internet external ldap_group Security-Group
    http_access allow group_Internet
    http_access deny all

With kind regards
Peter Homberger

NextiraOne Schweiz GmbH
Peter Homberger
Consultant Security / NMS
Industriestasse 30, CH-8203 Kloten
Tel: +41 1 815 32 65
Fax: +41 1 813 53 24
mailto:[EMAIL PROTECTED]
http://www.nextiraone.ch
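Added example, not part of the original post and not Squid's own code: a two-step group check (login to user DN, then whole-DN comparison against the group's membership attributes) run over the two entries quoted above. The function names are hypothetical, the LDIF is re-typed from the post, and the DN normalisation is a simplification.

```python
# LDIF constructed from the entries quoted in the post (userPassword omitted).
LDIF = """\
dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
objectClass: groupOfNames
objectClass: groupOfUniqueNames
cn: Security-Group
member: cn=FW1-Template,o=nextiraone,c=ch
member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch

dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
cn: Homberger Peter
sn: Homberger
uid: phom
"""

def parse_ldif(text):
    """Parse simple unfolded LDIF into a list of {attr_lowercase: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    # Simplified DN normalisation (assumes no escaped commas in any RDN).
    return ",".join(p.strip().lower() for p in dn.split(","))

def find_user_dn(entries, login, attr="uid"):
    """Step 1: map the login name to the DN of the entry carrying it."""
    return next((e["dn"][0] for e in entries if login in e.get(attr, [])), None)

def membership(entries, group_cn, user_dn):
    """Step 2: per group attribute, is user_dn present as a whole-DN match?"""
    wanted = norm_dn(user_dn)
    for e in entries:
        if group_cn in e.get("cn", []) and "groupOfNames" in e.get("objectclass", []):
            return {a: wanted in map(norm_dn, e.get(a, []))
                    for a in ("member", "uniquemember")}
    return {}
```

On this data the user's real DN (cn=Homberger Peter,...) is found in member only, while a DN beginning uid=phom is found in uniqueMember only.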
