Hi! i googled a bit, and found a Mailthread (http://www.squid-cache.org/mail-archive/squid-dev/200104/0208.html), where this syntax is used:
auth_param ntlm authdomainaclname1 program /foo/bar auth_param ntlm authdomainaclname2 program /foo/bar I need the same thing for ldap, but ldap is basic authentication. Hence i modified my squid.conf like this: auth_param basic firstnet program /usr/local/squid/libexec/squid_ldap_auth query_for_domain_a auth_param basic firstnet children 5 auth_param basic firstnet realm Internet Authentication For Domain A auth_param basic firstnet credentialsttl 2 hours auth_param basic sndnet program /usr/local/squid/libexec/squid_ldap_auth query_for_domain_b auth_param basic sndnet children 5 auth_param basic sndnet realm Internet Authentication For Domain B auth_param basic sndnet credentialsttl 2 hours squid -k parse reports errors, 'because no authentication schemes are fully configured.' Can anyone tell me, what is wrong with these lines? I'm using Squid 2.5-Stable5 from Sources. I configured it with ./configure --enable-basic-auth-helpers="LDAP PAM" --enable-external-acl-helpers="ldap_group" --enable-ssl, make && make install Regards Christoph -----Original Message----- From: Keppner, Christoph [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 1:05 PM To: [EMAIL PROTECTED] Subject: [squid-users] Multiple Authentication Programs Hi, i'm running a squid server with ldap-Authentication against an Active Directory server in Domain A. This works fine with the following lines: ... auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b dc=domainname,dc=de -R -D XXXXXXX -w YYYYYYYY -f sAMAccountName=%s servername external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b dc=domainname,dc=de -D XXXXXX -w YYYYYYY -f "(&(cn=%g)(member=%u)(objectClass=group))" -F "(sAMAccountName=%s)" -h servername -p 389 acl Proxy-Group external ldap_group Proxy-Benutzer acl ldap-password proxy_auth REQUIRED http_access allow ldap-password localnet Proxy-Group ... My Squid runs on a firewall with 3 interfaces, 1st interface is the connection to my provider, 2nd interface is connected to "localnet". Now i want to add a new ip-network on the 3rd interface. Within this network, a new Windows 2000 Domain (Domain B) should be set up. Domain A is independant from the domain in network B (no connection). Users from domain B should have to use my proxy too, again with ldap-authentication and group-checking. Is this possible? How? Thanks for reply. Christoph
