RE: [squid-users] Multiple Authentication Programs

From: Keppner, Christoph <keppner@dont-contact.us>
Date: Thu, 1 Apr 2004 11:47:22 +0200

Hi!

I googled a bit and found a mail thread
(http://www.squid-cache.org/mail-archive/squid-dev/200104/0208.html), where
this syntax is used:

auth_param ntlm authdomainaclname1 program /foo/bar
auth_param ntlm authdomainaclname2 program /foo/bar

I need the same thing for LDAP, but LDAP is basic authentication. Hence I
modified my squid.conf like this:

auth_param basic firstnet program /usr/local/squid/libexec/squid_ldap_auth query_for_domain_a
auth_param basic firstnet children 5
auth_param basic firstnet realm Internet Authentication For Domain A
auth_param basic firstnet credentialsttl 2 hours

auth_param basic sndnet program /usr/local/squid/libexec/squid_ldap_auth query_for_domain_b
auth_param basic sndnet children 5
auth_param basic sndnet realm Internet Authentication For Domain B
auth_param basic sndnet credentialsttl 2 hours

squid -k parse reports errors, 'because no authentication schemes are fully
configured.' Can anyone tell me what is wrong with these lines? I'm using
Squid 2.5-Stable5 from sources. I configured it with ./configure
--enable-basic-auth-helpers="LDAP PAM"
--enable-external-acl-helpers="ldap_group" --enable-ssl, make && make
install

Regards
Christoph

-----Original Message-----
From: Keppner, Christoph [mailto:keppner@dhc-gmbh.com]
Sent: Wednesday, March 31, 2004 1:05 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Multiple Authentication Programs

Hi,

I'm running a Squid server with LDAP authentication against an Active
Directory server in Domain A. This works fine with the following lines:

...
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b dc=domainname,dc=de -R -D XXXXXXX -w YYYYYYYY -f sAMAccountName=%s servername

external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b dc=domainname,dc=de -D XXXXXX -w YYYYYYY -f "(&(cn=%g)(member=%u)(objectClass=group))" -F "(sAMAccountName=%s)" -h servername -p 389

acl Proxy-Group external ldap_group Proxy-Benutzer
acl ldap-password proxy_auth REQUIRED

http_access allow ldap-password localnet Proxy-Group
...

My Squid runs on a firewall with 3 interfaces: the 1st interface is the
connection to my provider, the 2nd interface is connected to "localnet". Now I
want to add a new IP network on the 3rd interface. Within this network, a
new Windows 2000 Domain (Domain B) should be set up. Domain A is independent
from the domain in network B (no connection). Users from domain B should
have to use my proxy too, again with LDAP authentication and group checking.
Is this possible? How?

Thanks for reply.

Christoph
Received on Thu Apr 01 2004 - 02:47:33 MST
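
An added example, not part of the original posts and not Squid's own parser: a small Python check that reads `auth_param` lines as scheme, parameter, value, so a label such as `firstnet` lands in the parameter position and the scheme is left without a helper program. The function name `check_auth_params`, the accepted-parameter set (the four names used in the posts) and the "needs a program" rule are assumptions of this sketch.

```python
# Added illustration; not Squid's parser.
# Assumption: the four parameter names used on this page are the accepted
# "basic" parameters, and a scheme is usable only once "program" is set.
KNOWN_PARAMS = {"program", "children", "realm", "credentialsttl"}
HELPER = "/usr/local/squid/libexec/squid_ldap_auth"

# Constructed from the post: the named form that fails "squid -k parse".
NAMED = "\n".join(
    f"auth_param basic {name} {rest}"
    for name, query in (("firstnet", "query_for_domain_a"),
                        ("sndnet", "query_for_domain_b"))
    for rest in (f"program {HELPER} {query}", "children 5",
                 "realm Internet Authentication", "credentialsttl 2 hours")
)
# Constructed: the same helper in the unnamed form of the original message.
PLAIN = (f"auth_param basic program {HELPER} query_for_domain_a\n"
         "auth_param basic children 5")


def check_auth_params(conf_text):
    """Return (schemes, problems) for the auth_param lines in conf_text.

    schemes  maps scheme -> {parameter: value} for recognised parameters.
    problems is a list of (line_number or None, message).
    """
    schemes, problems = {}, []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)  # directive, scheme, parameter, value
        if parts[0] != "auth_param":
            continue
        if len(parts) < 4:
            problems.append((number, "incomplete auth_param line"))
            continue
        _, scheme, param, value = parts
        settings = schemes.setdefault(scheme, {})
        if param not in KNOWN_PARAMS:
            problems.append(
                (number, f"'{param}' is not a known {scheme} parameter"))
            continue
        settings[param] = value
    for scheme, settings in schemes.items():
        if "program" not in settings:
            problems.append(
                (None, f"scheme '{scheme}' has no helper program configured"))
    return schemes, problems
```

Run over `NAMED`, every line is flagged and `basic` ends up with no settings at all; run over `PLAIN`, the scheme has its program and nothing is reported.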
