hi to all
i have a new suse linux with squid-2.4.STABLE6-9
and a W2K ADS and I want to use squid_ldapauth to
let my users authenticate themselves with their
windows account.
when squid starts it doesn't complain about anything.
when a user wants to use the proxy the ACL
acl my_users proxy_auth REQUIRED
takes place - the authentication popup pops up
and she is rejected.
the access.log says this:
1057336343.145 14 10.220.62.26 TCP_DENIED/407 1374 GET http://www.louden.de/ max.bmuster NONE/- - [Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*\r\nAccept-Language: de\r\nProxy-Authorization: Basic bWF4LmJtdXN0ZXI6Ym11c3Rlcg==\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Logware; Logware Informationssysteme GmbH)\r\nHost: www.louden.de\r\nProxy-Connection: Keep-Alive\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: Squid/2.4.STABLE6\r\nMime-Version: 1.0\r\nDate: Fri, 04 Jul 2003 16:32:23 GMT\r\nContent-Type: text/html\r\nContent-Length: 993\r\nExpires: Fri, 04 Jul 2003 16:32:23 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: Basic realm="Logware Proxy Server"\r\n\r]
so i start squid_ldapauth by hand.
here is the output :
squid_ldapauth -v -q -l
squid_ldapauth[2523]: config - found key: 'ldap-server'
squid_ldapauth[2523]: config - got value: '10.xxx.xxx.xxx'
squid_ldapauth[2523]: config - found key: 'ldap-port'
squid_ldapauth[2523]: config - got value: '389'
squid_ldapauth[2523]: config - found key: 'ldap-suffix'
squid_ldapauth[2523]: config - got value: 'DC=city,DC=company,DC=de'
squid_ldapauth[2523]: config - found key: 'ldap-filter'
squid_ldapauth[2523]: config - got value: '(uid=%s)'
squid_ldapauth[2523]: config - found key: 'ldap-passwdfield'
squid_ldapauth[2523]: config - got value: 'userpassword'
squid_ldapauth[2523]: config - found key: 'ldap-binddn'
squid_ldapauth[2523]: config - got value: 'CN=Administrator,OU=org2,OU=org1,DC=city,DC=company,DC=de'
squid_ldapauth[2523]: config - found key: 'ldap-password'
squid_ldapauth[2523]: config - got value: 'PaSsWoRd'
squid_ldapauth[2523]: using ldap-server => '10.xxx.xxx.xxx'
squid_ldapauth[2523]: using ldap-port => '389'
squid_ldapauth[2523]: using ldap-suffix => 'DC=city,DC=company,DC=de'
squid_ldapauth[2523]: using ldap-filter => '(uid=%s)'
squid_ldapauth[2523]: using ldap-passwdfield => 'userpassword'
squid_ldapauth[2523]: using ldap-binddn => 'CN=Administrator,OU=org2,OU=org1,DC=city,DC=company,DC=de'
squid_ldapauth[2523]: using ldap-password => 'PaSsWoRd'
squid_ldapauth[2523]: connection etablished - waiting for queries
when i type in this :
administrator PaSsWoRd
i get this :
squid_ldapauth[2523]: ldap result was empty (user not found)
squid_ldapauth[2523]: authentication request for 'administrator' - ERR
ERR
funny
of course administrator exists - he has just
established the connection - hasn't he ?
i can do this with any user and none is found.
administrator has domain-administration rights
so it can't be a problem with missing rights.
(i started this with a common user squid and
will use him once it will work...)
i increased the rights on the squid cache :
drwxrwxrwx 21 squid squid 528 Jul 3 16:02 squid
but this too hadn't any effect.
i'm afraid the problem is caused by the
windows ADS. a really nasty idea.
i'd be really grateful for any suggestion.
Kaja
=================================
Rokaya Louden
Systemadministration
LOGWARE Informationssysteme GmbH
Schwedenstraße 9
13359 Berlin
FON: +49 (0) 30 49901-214
FAX: +49 (0) 30 49901-108-214
Mailto:rokaya.louden@logware.de
< http://www.logware.de>
=================================
Received on Fri Jul 04 2003 - 11:52:47 MDT
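
The access.log entry quoted in this message includes the client's Proxy-Authorization: Basic header, which is only base64-encoded, so the log holds a recoverable password (Squid writes request headers into access.log when log_mime_hdrs is on). The Python below is an added example, not part of the original post: it redacts such tokens and returns the user names whose passwords were exposed, run here on a constructed sample line with made-up credentials.

```python
import base64
import binascii
import re

# Constructed sample in the shape of the entry quoted above; the user,
# password, address and URL are made up for this example.
SAMPLE_TOKEN = base64.b64encode(b"alice:s3cret").decode("ascii")
SAMPLE_LINE = (
    "1057336343.145 14 192.0.2.10 TCP_DENIED/407 1374 GET "
    "http://www.example.com/ alice NONE/- - [Accept: */*\\r\\n"
    "Proxy-Authorization: Basic " + SAMPLE_TOKEN + "\\r\\n"
    "Host: www.example.com\\r\\n] "
    "[HTTP/1.0 407 Proxy Authentication Required\\r\\n\\r]"
)

# Matches both Authorization and Proxy-Authorization with the Basic scheme.
AUTH_RE = re.compile(
    r"((?:Proxy-)?Authorization: Basic )([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def redact(line):
    """Return (line with Basic tokens redacted, user names that were exposed)."""
    exposed = []

    def replace_token(match):
        try:
            decoded = base64.b64decode(match.group(2), validate=True)
            # Basic credentials are "user:password"; keep only the user part.
            exposed.append(decoded.decode("latin-1").partition(":")[0])
        except (binascii.Error, ValueError):
            pass  # malformed token: still redact it, but no user to report
        return match.group(1) + "[REDACTED]"

    return AUTH_RE.sub(replace_token, line), exposed


if __name__ == "__main__":
    clean, users = redact(SAMPLE_LINE)
    print(clean)
    print("passwords to reset for:", users)
```

Redacting a log after the fact does not undo the exposure; the accounts returned still need a password change, and the log file needs restrictive permissions for as long as header logging stays enabled.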