[squid-users] Re: troubles using squid_kerb_auth and squid_kerb_ldap

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Mon, 31 Aug 2009 21:08:24 +0100

Could you post an extract of cache.log showing the squid_kerb_auth and
squid_kerb_ldap entries.

Markus

"Chris Richardson" <crichar_at_gmail.com> wrote in message
news:af01ca210908311222m104d2d2amdef43eca8e695999_at_mail.gmail.com...
> Hi everyone here is what i am tring to do i want to use kerb for SSO
> and use squid_kerb_ldap to do acls based on groups however i am
> running into a problem normal kerb_auth works great but when i try to
> use kerb_ldap i get aclMatchExternal: squid_kerb_ldap user not
> authenticated (0)
>
> here are snippets of the config
>
> auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
>
>
> external_acl_type squid_kerb_ldap ttl=3600 negative_ttl=3600 %LOGIN
> /usr/sbin/squid_kerb_ldap -d -g ProxyUsers_at_WINDOWSKDC
>
> acl auth proxy_auth REQUIRED
> acl ldap_group_check external squid_kerb_ldap
>
> http_access allow ldap_group_check
> http_access deny all
>
> oh this is squid 3.0 on a win2003 AD domain
>
> thanks
> -Chris
>
Received on Mon Aug 31 2009 - 20:09:43 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 12:00:04 MDT