Squid + LDAP
I already have LDAP + Samba working on CL10, and I can't get squid to authenticate against LDAP. I added the following lines to my squid.conf:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=Users,dc=ldap,dc=teste 127.0.0.1 389
auth_param basic children 5
auth_param basic realm Metodo de Auatenticacao para Navegacao
auth_param basic credentialsttl 15 minute
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
When I configure this proxy on the clients, no page opens.
-
Squid + LDAP
[root@clm root]# tail -f /var/log/squid/access.log
1116334261.589 11746 10.0.2.45 TCP_MISS/000 0 GET http://www.uol.com.br/ - NONE/- -
But the line above only appears after I close my browser.
[root@clm root]# tail -f /var/log/squid/access.log
2005/05/17 08:24:08| Starting Squid Cache version 2.5.STABLE9 for i686-pc-linux-gnu...
2005/05/17 08:24:08| Process ID 1495
2005/05/17 08:24:08| With 1024 file descriptors available
2005/05/17 08:24:08| Performing DNS Tests...
2005/05/17 08:24:08| Successful DNS name lookup tests...
2005/05/17 08:24:08| DNS Socket created at 0.0.0.0, port 32768, FD 5
2005/05/17 08:24:08| Adding nameserver 200.204.0.10 from squid.conf
2005/05/17 08:24:08| Adding nameserver 200.204.0.138 from squid.conf
2005/05/17 08:24:08| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2005/05/17 08:24:08| Unlinkd pipe opened on FD 15
2005/05/17 08:24:08| Swap maxSize 819200 KB, estimated 63015 objects
2005/05/17 08:24:08| Target number of buckets: 3150
2005/05/17 08:24:08| Using 8192 Store buckets
2005/05/17 08:24:08| Max Mem size: 131072 KB
2005/05/17 08:24:08| Max Swap size: 819200 KB
2005/05/17 08:24:08| Rebuilding storage in /var/spool/squid (CLEAN)
2005/05/17 08:24:08| Using Least Load store dir selection
2005/05/17 08:24:08| Current Directory is /
2005/05/17 08:24:08| Loaded Icons.
2005/05/17 08:24:09| Accepting HTTP connections at 0.0.0.0, port 3128, FD 16.
2005/05/17 08:24:09| Accepting ICP messages at 0.0.0.0, port 3130, FD 17.
2005/05/17 08:24:09| Accepting HTCP messages on port 4827, FD 18.
2005/05/17 08:24:09| Accepting SNMP messages on port 3401, FD 19.
2005/05/17 08:24:09| WCCP Disabled.
2005/05/17 08:24:09| Pinger socket opened on FD 21
2005/05/17 08:24:09| Ready to serve requests.
2005/05/17 08:24:09| Done scanning /var/spool/squid swaplog (0 entries)
2005/05/17 08:24:09| Finished rebuilding storage from disk.
2005/05/17 08:24:09| 0 Entries scanned
2005/05/17 08:24:09| 0 Invalid entries.
2005/05/17 08:24:09| 0 With invalid flags.
2005/05/17 08:24:09| 0 Objects loaded.
2005/05/17 08:24:09| 0 Objects expired.
2005/05/17 08:24:09| 0 Objects cancelled.
2005/05/17 08:24:09| 0 Duplicate URLs purged.
2005/05/17 08:24:09| 0 Swapfile clashes avoided.
2005/05/17 08:24:09| Took 1.1 seconds ( 0.0 objects/sec).
2005/05/17 08:24:09| Beginning Validation Procedure
2005/05/17 08:24:09| Completed Validation Procedure
2005/05/17 08:24:09| Validated 0 Entries
2005/05/17 08:24:09| store_swap_size = 0k
2005/05/17 08:24:11| storeLateRelease: released 0 objects
[root@clm root]# cat /var/log/squid/store.log
1116334262.064 RELEASE -1 FFFFFFFF 8241795168682809BAF39ABAAE9768D2 0 -1 -1 -1 unknown -1/0 GET http://www.uol.com.br/
-
Squid + LDAP
I didn't see anything indicating an error in the squid logs.
Is your squid working when you don't use authentication?
There is no line in the logs indicating that squid tried to authenticate the user against an LDAP server. That is strange. Do the openldap logs show anything?
HTH,
-
Squid + LDAP
Unfortunately, it shows nothing.
-
Squid + LDAP
Friend, your configuration appears to be correct.
But after that, did you create the ACLs to use authentication? Example:
acl all src 0.0.0.0/0.0.0.0
acl all proxy_auth REQUIRED
http_access allow all etc.. etc.. etc...
Another thing: check whether the user running squid has permission to execute squid_ldap_auth.
-
Squid + LDAP
One more thing:
Also try putting the command like this in squid.conf:
/usr/sbin/squid_ldap_auth -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
You can test the command beforehand to see whether it is working.
It should return OK or ERR. E.g.:
# /usr/sbin/squid_ldap_auth -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
usuario senhaerrada
ERR
# /usr/sbin/squid_ldap_auth -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
usuario senhacerta
OK
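Added example, not part of the original post: the manual test above wrapped in a shell function with a time limit, so a helper that never answers is reported as TIMEOUT instead of leaving the terminal stuck. The function name `check_helper`, the constructed stub helper and the use of the coreutils `timeout` command are assumptions of this example.

```shell
#!/bin/sh
# Added example: probe a Squid basic-auth helper with a time limit.
# Helper protocol as shown in the thread: one "user password" line on stdin,
# one reply line on stdout that starts with OK or ERR.

# check_helper SECONDS USER PASSWORD HELPER [ARGS...]
# Prints OK, ERR, TIMEOUT or BROKEN; returns 0 only for OK.
check_helper() {
    limit=$1; user=$2; pass=$3
    shift 3
    # Credentials go in on stdin, so they never show up in the process list.
    reply=$(printf '%s %s\n' "$user" "$pass" | timeout "$limit" "$@" 2>/dev/null) \
        && status=0 || status=$?
    if [ "$status" -eq 124 ]; then
        # timeout(1) exits 124 when it had to kill the command:
        # the helper never answered (directory unreachable, stalled bind, ...).
        echo TIMEOUT
        return 2
    fi
    case $reply in
        OK*)  echo OK;  return 0 ;;
        ERR*) echo ERR; return 1 ;;
        *)    echo BROKEN; return 3 ;;  # missing, not executable, or unexpected output
    esac
}

# Constructed stub standing in for the real helper so this runs offline:
# it accepts exactly one constructed credential pair.
STUB='read u p; [ "$u $p" = "alice s3cret" ] && echo OK || echo ERR'

check_helper 2 alice s3cret sh -c "$STUB" || true   # prints OK
check_helper 2 alice wrong  sh -c "$STUB" || true   # prints ERR

# Against the real helper, run this as the account squid runs under, e.g.:
# check_helper 5 usuario senhacerta /usr/sbin/squid_ldap_auth \
#     -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
```

A TIMEOUT result points at the path between the helper and the directory server rather than at squid.conf, while BROKEN usually means the squid account cannot execute the helper binary.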
-
Squid + LDAP
I tried what you asked above, and it hangs for a long time trying to authenticate and returns nothing.
-
Squid + LDAP
Hi friend, good morning!
Sorry for asking, but did you use that tutorial on SQUID + LDAP + SAMBA?
Because I used it here and it worked fine.