Kolegi ima li nqkoi predstava zashto squid_ldap_group
helpera nesrabotva na squid?
Pravq slednoto:
1.Proverqvam da li mi raboti squid_ldap_auth
squid_ldap_auth -b "cn=Users,dc=xx,dc=local" -h 10.10.1.253
-p 389 -u cn -D "cn=Squid Cache
Server,cn=Users,dc=xx,dc=local" -W /etc/squid/password
-f sAMAccountName=%s
User1 password Ok
2.Dobavqm go kam squid.conf
auth_param basic program /usr/sbin/squid_ldap_auth -b
"cn=Users,dc=xx,dc=local" -h 10.10.1.253 -p 389 -u cn -D
"cn=Squid Cache Server,cn=Users,dc=xx,dc=local" -W
/etc/squid/password
-f sAMAccountName=%s
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
++
acl password proxy_auth REQUIRED src 10.10.10.0/24
http_access allow password
++
3. testvam squid_ldap_group helpera
/usr/sbin/squid_ldap_group -b "cn=Users,dc=xx,dc=local" -f
"(&(cn=%a)(member=%v))" -h 10.10.1.253 -p 389 -u cn -D
"cn=Squid Cache Server,cn=Users,dc=xx,dc=local" -W
/etc/squid/password -F "(sAMAccountName=%s)"
User1 Internet OK (User1 e vav group Internet na DC)
4. dobavqm vav squid.conf
external_acl_type ldap_group %LOGIN
/usr/sbin/squid_ldap_group -b "cn=Users,dc=xx,dc=local" -f
"(&(cn=%a)(member=%v))" -h 10.10.1.253 -p 389 -u cn -D
"cn=Squid Cache Server,cn=Users,dc=xx,dc=local" -W
/etc/squid/password -F "(sAMAccountName=%s)"
acl Internet_Group external ldap_group Internet
http_access allow Internet_Group
5. squid -k reconfigure
ZArezdam stranica kato izpolzvam grug validen user koito ne
e vav group Internet ,rezultata e che me dopuska do internet
i site se zarejda, vapreki che saotvetstvieto sAMAccountName
i tarsena groupa vrashta Error?
Systema:
Linux Suse 2.6.8-24.16-default
squid-2.5.STABLE6-6.10
|