Re: [squid-users] --> LDAP Group and NTLM together

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 10 Jan 2003 20:44:06 +0100

The current version of the LDAP group helper supports automatic removal
of domain names when looking up group memberships. This is to ease
integration of NTLM and LDAP group lookups (which may be in another
directory entirely).

Regarding the syntax error: The syntax is

acl internet_ldap external ldap_group "/path/to/file_group_Internet"

To have Squid ask for both Basic and NTLM authentication you must
configure both schemes in squid.conf.

Regards
Henrik

"Alex Carlos Braga Antão" wrote:
>
> Hello all,
> I got a problem here, and need some help.
>
> -> Background:
> I have a group called Internet on my AD. All users in this group are
> PERMITTED to use internet, through my squid 2.5 proxy. Those that use IE,
> the authentication must be NTLM, and if somebody uses another browser that
> does not support NTLM, it must authenticate by LDAP (basic auth).
> -> What I did:
> First I configured squid to authenticate by NTLM and since NTLM does
> NOT support groups yet, I made some scripts that automatically generate a
> file with all users on my AD group to NTLM authenticate. It is working with
> no problems.
> Second I configured squid_ldap_auth to authenticate by my AD with the
> same file that NTLM uses. It also worked with no problems.
>
> But now, since I have to duplicate usernames in the file because LDAP does
> not accept names like DOMAIN/Username and also groups, I decided to
> configure SQUID_LDAP_GROUP instead of SQUID_LDAP_AUTH
>
> -> THE PROBLEMS:
> Then I created a file that contains only one line with the name of my
> group: Internet
> I compiled squid_ldap_group and configured my squid. On the conf file, I
> cut my auth_proram of squid_ldap_AUTH and put:
> external_acl_type ldap_group %LOGIN /...../squid_ldap_group .....
> acl internet_ldap ldap_group "/path/to/file_group_Internet"
>
> 1) First problem
> when I do a squid -k reconfigure, I got the error messages:
> aclParseAclLine: Invalid ACL Type ldap_group
> 2) How do I configure http_access to make things work like I want ? I
> put:
> http_access allow all internet_ntml internet_ldap
>
> also tried :
> http_access allow all internet_ntml
> http_access allow all internet_ldap
>
> But when I open NETSCAPE, I get a message saying that the
> authentication method asked is not supported. I suppose that squid is asking
> for NTLM only...
>
> Thanks for any help !!!
> Alex C. B. Antão
> Systems and Support Analyst
> ICQ: 5144629
> http://motoviagens.pagina.de
> http://e-modelismo.pagina.de
>
>
> "Nothing like one day after another... on a motorcycle!"
Received on Fri Jan 10 2003 - 14:57:22 MST
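
Added example, not part of the original messages and not the posters' own configuration: a squid.conf sketch for Squid 2.5 of the setup described in the reply, with both schemes configured and one external ACL doing the group check. All helper paths, host names, DNs, search filters and the secret file are placeholders; `-S` is the squid_ldap_group option that strips the NT domain from the login name.

```conf
# Added example: paths, hosts, DNs and filters below are placeholders.

# Both schemes must be configured for Squid to offer both to the browser.
# The NTLM helper's arguments depend on which NTLM helper is installed.
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth EXAMPLE/dc1
auth_param ntlm children 5

# Basic scheme, verified against the directory by squid_ldap_auth.
# -W reads the bind password from a file instead of the command line.
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "dc=example,dc=com" -f "sAMAccountName=%s" -D "cn=squid,cn=Users,dc=example,dc=com" -W /usr/local/squid/etc/ldap_secret -h dc1.example.com
auth_param basic children 5
auth_param basic realm Squid proxy

# Group lookup helper. %LOGIN is the authenticated user name, whichever
# scheme produced it. -S strips the NT domain (DOMAIN\user or DOMAIN/user)
# so NTLM and Basic logins are looked up under the same account name.
# In the filter, %v is the user name and %a the group name.
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -S -b "dc=example,dc=com" -f "(&(objectClass=person)(sAMAccountName=%v)(memberOf=cn=%a,cn=Users,dc=example,dc=com))" -D "cn=squid,cn=Users,dc=example,dc=com" -W /usr/local/squid/etc/ldap_secret -h dc1.example.com

# "external" is the ACL type; ldap_group names the external_acl_type above.
# The quoted file lists the group names to test, one per line.
acl internet_ldap external ldap_group "/path/to/file_group_Internet"

# Members of the listed group are allowed; everything else is refused.
http_access allow internet_ldap
http_access deny all
```

Because the group ACL keys on %LOGIN, the single `http_access allow` rule covers both NTLM and Basic users, and no per-scheme user list file is needed.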
