  1. #1
    guardian_metal
    Guest

    Default Squid + LDAP

    I already have LDAP + Samba working on CL10 and I can't get squid to authenticate against LDAP. I added the following lines to my squid.conf:

    auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=Users,dc=ldap,dc=teste 127.0.0.1 389
    auth_param basic children 5
    auth_param basic realm Metodo de Auatenticacao para Navegacao
    auth_param basic credentialsttl 15 minute
    authenticate_cache_garbage_interval 1 hour
    authenticate_ttl 1 hour

    When I set this proxy on the clients, no page opens.

  2. #2
    karfax
    Guest

    Default Squid + LDAP

    Where are the logs???

    Regards,

  3. #3
    guardian_metal
    Guest

    Default Squid + LDAP

    [root@clm root]# tail -f /var/log/squid/access.log
    1116334261.589 11746 10.0.2.45 TCP_MISS/000 0 GET http://www.uol.com.br/ - NONE/- -

    but the line above only appears after I close my browser.

    [root@clm root]# tail -f /var/log/squid/access.log
    2005/05/17 08:24:08| Starting Squid Cache version 2.5.STABLE9 for i686-pc-linux-gnu...
    2005/05/17 08:24:08| Process ID 1495
    2005/05/17 08:24:08| With 1024 file descriptors available
    2005/05/17 08:24:08| Performing DNS Tests...
    2005/05/17 08:24:08| Successful DNS name lookup tests...
    2005/05/17 08:24:08| DNS Socket created at 0.0.0.0, port 32768, FD 5
    2005/05/17 08:24:08| Adding nameserver 200.204.0.10 from squid.conf
    2005/05/17 08:24:08| Adding nameserver 200.204.0.138 from squid.conf
    2005/05/17 08:24:08| helperOpenServers: Starting 5 'squid_ldap_auth' processes
    2005/05/17 08:24:08| Unlinkd pipe opened on FD 15
    2005/05/17 08:24:08| Swap maxSize 819200 KB, estimated 63015 objects
    2005/05/17 08:24:08| Target number of buckets: 3150
    2005/05/17 08:24:08| Using 8192 Store buckets
    2005/05/17 08:24:08| Max Mem size: 131072 KB
    2005/05/17 08:24:08| Max Swap size: 819200 KB
    2005/05/17 08:24:08| Rebuilding storage in /var/spool/squid (CLEAN)
    2005/05/17 08:24:08| Using Least Load store dir selection
    2005/05/17 08:24:08| Current Directory is /
    2005/05/17 08:24:08| Loaded Icons.
    2005/05/17 08:24:09| Accepting HTTP connections at 0.0.0.0, port 3128, FD 16.
    2005/05/17 08:24:09| Accepting ICP messages at 0.0.0.0, port 3130, FD 17.
    2005/05/17 08:24:09| Accepting HTCP messages on port 4827, FD 18.
    2005/05/17 08:24:09| Accepting SNMP messages on port 3401, FD 19.
    2005/05/17 08:24:09| WCCP Disabled.
    2005/05/17 08:24:09| Pinger socket opened on FD 21
    2005/05/17 08:24:09| Ready to serve requests.
    2005/05/17 08:24:09| Done scanning /var/spool/squid swaplog (0 entries)
    2005/05/17 08:24:09| Finished rebuilding storage from disk.
    2005/05/17 08:24:09| 0 Entries scanned
    2005/05/17 08:24:09| 0 Invalid entries.
    2005/05/17 08:24:09| 0 With invalid flags.
    2005/05/17 08:24:09| 0 Objects loaded.
    2005/05/17 08:24:09| 0 Objects expired.
    2005/05/17 08:24:09| 0 Objects cancelled.
    2005/05/17 08:24:09| 0 Duplicate URLs purged.
    2005/05/17 08:24:09| 0 Swapfile clashes avoided.
    2005/05/17 08:24:09| Took 1.1 seconds ( 0.0 objects/sec).
    2005/05/17 08:24:09| Beginning Validation Procedure
    2005/05/17 08:24:09| Completed Validation Procedure
    2005/05/17 08:24:09| Validated 0 Entries
    2005/05/17 08:24:09| store_swap_size = 0k
    2005/05/17 08:24:11| storeLateRelease: released 0 objects

    [root@clm root]# cat /var/log/squid/store.log
    1116334262.064 RELEASE -1 FFFFFFFF 8241795168682809BAF39ABAAE9768D2 0 -1 -1 -1 unknown -1/0 GET http://www.uol.com.br/

  4. #4
    karfax
    Guest

    Default Squid + LDAP

    I didn't see anything indicating an error in the squid logs.
    Does your squid work when you don't use authentication?
    There is no line in the logs indicating that squid tried to authenticate the user against an LDAP server. That's strange. Don't the openldap logs show anything?

    HTH,

  5. #5
    guardian_metal
    Guest

    Default Squid + LDAP

    Unfortunately it doesn't show anything..

  6. #6
    RSM
    Guest

    Default Squid + LDAP

    Friend, your configuration appears to be correct.
    But after that, did you create the ACLs to use authentication? Example:

    acl all src 0.0.0.0/0.0.0.0
    # the proxy_auth ACL needs its own name ("authenticated" is an example name); "all" is already a src ACL
    acl authenticated proxy_auth REQUIRED
    http_access allow authenticated etc.. etc.. etc...

    Another thing: check whether the user running squid has permission to execute squid_ldap_auth

  7. #7
    RSM
    Guest

    Default Squid + LDAP

    One more thing:

    And try putting the command like this in squid.conf
    /usr/sbin/squid_ldap_auth -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389

    You can test the command beforehand to see whether it is working.
    It should return OK or ERR. E.g.:

    # /usr/sbin/squid_ldap_auth -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
    usuario senhaerrada
    ERR

    # /usr/sbin/squid_ldap_auth -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
    usuario senhacerta
    OK
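
The OK/ERR test described in the post above, wrapped in a time limit so that a helper which never answers is reported instead of waited on. This is an added example, not part of the original thread; `probe_helper`, `PROBE_TIMEOUT` and the file name `probe.sh` are hypothetical, and GNU coreutils `timeout` is assumed.

```shell
#!/bin/sh
# Added example: probe a Squid basic-auth helper the way Squid talks to it.
# Usage: probe_helper USER PASS HELPER [HELPER-ARGS...]
# Prints OK, ERR, TIMEOUT, NOEXEC or UNEXPECTED.
# Assumptions: GNU coreutils `timeout` is installed; the credentials contain
# no spaces or '%' (Squid URL-escapes those before writing the line).
# Use a test account: command-line arguments are visible in `ps`.

PROBE_TIMEOUT=${PROBE_TIMEOUT:-5}   # seconds to wait for the helper

probe_helper() {
    user=$1
    pass=$2
    shift 2
    # One "user password" line on stdin, then EOF so the helper exits.
    if reply=$(printf '%s %s\n' "$user" "$pass" |
               timeout "$PROBE_TIMEOUT" "$@" 2>/dev/null); then
        status=0
    else
        status=$?
    fi
    case $status in
        124)     echo TIMEOUT; return 0 ;;  # helper never replied in time
        126|127) echo NOEXEC;  return 0 ;;  # not executable / not found
    esac
    # Only the first reply line matters; the helper may append a reason.
    first=$(printf '%s\n' "$reply" | head -n 1)
    case $first in
        OK|"OK "*)   echo OK ;;
        ERR|"ERR "*) echo ERR ;;
        *)           echo UNEXPECTED ;;
    esac
}

# Run directly only when arguments are given, e.g. as the squid user:
#   sh probe.sh usuario senhacerta /usr/sbin/squid_ldap_auth \
#       -b ou=Users,dc=bhz,dc=jamef -u uid 127.0.0.1 389
if [ "$#" -ge 3 ]; then
    probe_helper "$@"
fi
```

Running it as the account squid runs under also covers the execute-permission check; a TIMEOUT result means the helper itself never answered, independent of any ACLs in squid.conf.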

  8. #8
    guardian_metal
    Guest

    Default Squid + LDAP

    I tried what you asked above and it sits there for a long time trying to authenticate and doesn't return anything.

  9. #9
    Luzumba
    Guest

    Default Squid + LDAP

    Hi friend, good morning!
    Sorry for asking, but did you get to use that tutorial on SQUID + LDAP + SAMBA?
    Because I used it here and it worked fine.