
Squid Server 3.3.8 Unable to authenticate with Ldap groups


Squid Server 3.3.8 Unable to authenticate with Ldap groups

moni2016
This post has NOT been accepted by the mailing list yet.
Dear All,

I am facing issues while trying to authenticate Squid users against Windows AD through LDAP.
I am running Squid Server 3.3.8.
My OU = psldev
User group = Users
User = squid
--------------------------------
Please find the squid.conf file below:

#
# Recommended minimum configuration:
#
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# Client networks treated as "local". In this file localnet is only used by
# the "http_access allow localnet" rule further down.
# NOTE(review): 10.0.0.0/8 is commented out, so clients in that range are not
# part of localnet - confirm this matches the real address plan.
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

# Destination-port allow lists. SSL_ports limits CONNECT tunnels to port 443;
# Safe_ports lists every port any request may target. Both are enforced by the
# "http_access deny" rules later in the file.
# NOTE(review): 1025-65535 admits every unprivileged port, so the Safe_ports
# check effectively only filters ports below 1025.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# Matches requests that use the CONNECT method (tunnelled HTTPS).
acl CONNECT method CONNECT


# Disabled port blacklist. None of these ports appear in Safe_ports, so the
# "http_access deny !Safe_ports" rule already refuses them.
#acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119
#http_access deny Dangerous_ports

# Reply filter: drop responses whose Content-Type matches a pattern listed in
# extension.acl (-i makes the match case-insensitive). The file itself is not
# shown in this post.
# NOTE(review): this keys on the MIME type the origin server declares, so a
# mislabelled download passes. No TLS interception is configured in this file,
# so replies inside CONNECT tunnels are presumably not inspected at all.
acl blockExtensions rep_mime_type -i "/etc/squid/extension.acl"
http_reply_access deny blockExtensions


# Disabled parent-proxy chaining.
#cache_peer chennai-proxy parent 8080 0 no-query no-digest default
#cache_peer mumbai-proxy parent 8080 0 no-query no-digest
#never_direct allow all

# Request filter: deny URLs whose path matches a pattern in blocks.files.acl
# and answer with the ERR_BLOCKED_FILES error page.
# NOTE(review): no -i here, so matching is case-sensitive unless the patterns
# themselves allow for it. ERR_BLOCKED_FILES is presumably a custom template -
# verify it exists in Squid's error directory.
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

# Recommended minimum Access Permission configuration:
#
# http_access rules are evaluated top to bottom and the first rule that
# matches decides the request, so the order of this whole section matters.
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Block any URL that contains one of these keywords.
# NOTE(review): url_regex without -i is case-sensitive and unanchored, so
# "yahoo" matches anywhere in the URL (host, path or query) but not "Yahoo".
acl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
acl blockkeyword3 url_regex orkut
http_access deny blockkeyword1
http_access deny blockkeyword2
http_access deny blockkeyword3

# Only allow cachemgr access from localhost
# NOTE(review): the localhost and manager ACLs are not defined in this file;
# presumably the definitions built into Squid 3.2+ are relied on - confirm.
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): still commented out, so nothing in this file stops a proxy
# client from requesting services bound to the proxy host's own loopback
# address. Enable it unless there is a specific reason not to.
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

# Basic proxy authentication, verified by an external LDAP helper.
# Helper options used below: -v LDAP protocol version, -b search base DN,
# -D bind DN, -w bind password, -f search filter (%s = login name), followed
# by the LDAP server name.
#
# NOTE(review): the command is split over two lines ("-f" ends the first,
# "uid=%s <server>" starts the second). If the file on disk is wrapped the
# same way, the second line is not part of the auth_param command. This may
# only be mail wrapping - check the real file.
# NOTE(review): the bind DN (uid=squid,ou=psldev,dc=Users,dc=com) does not sit
# under the search base (dc=psldev,dc=com) and uses dc=Users, while the post
# describes psldev as the OU and Users as a group. Verify the DN with an LDAP
# browser. Active Directory accounts are normally matched on sAMAccountName;
# uid is usually not populated there - confirm the filter attribute.
# NOTE(review): -w puts the bind password in squid.conf and on the helper's
# command line, where local users can read it from the process list. The
# helper's -W <secretfile> option reads it from a file that can be restricted
# to the squid user instead.
# NOTE(review): no TLS option is given, so bind and user passwords presumably
# cross the network to the directory server in clear text. The helper's -Z
# (StartTLS) or -H ldaps://... options address that. Basic auth also sends
# credentials only base64-encoded from the browser to the proxy port.
# NOTE(review): Squid 3.2+ ships this helper as basic_ldap_auth; verify that
# the squid_ldap_auth path below actually exists on this host.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -v 3 -b "dc=psldev,dc=com" -D uid=squid,ou=psldev,dc=Users,dc=com  -w password -f
uid=%s ldap.intellectdesign.com
# Number of helper processes started.
auth_param basic children 5
# Realm text shown in the browser's login prompt.
auth_param basic realm Web-Proxy
# How long a validated username/password pair is trusted before the helper is
# asked again.
auth_param basic credentialsttl 1 minute

# Matches any request that carries valid proxy credentials.
acl ldap-auth proxy_auth REQUIRED

# NOTE(review): first match wins. Every authenticated user is allowed here,
# and "deny all" three lines down ends evaluation for everyone else, so none
# of the rules after it (ban_domains, localhost, localnet, final deny) are
# ever reached. To enforce ban_domains, its deny must come before this allow.
http_access allow ldap-auth
http_access allow localhost
http_access deny all

# Destination domains intended to be blocked (the leading dot also covers
# subdomains). Unreachable in the current rule order, see note above.
acl ban_domains dstdomain .facebook.com .youtube.com

http_access deny ban_domains
http_access allow localhost
# NOTE(review): if the rule order is changed so that this line is reached, it
# lets every localnet client through without authentication.
http_access allow localnet

# Disabled: send FTP requests directly instead of through a parent proxy.
#acl FTP proto FTP
#always_direct allow FTP



# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
# NOTE(review): only a port is given, so Squid listens on every interface of
# the host. Bind to a specific address or firewall the port if the proxy is
# meant for internal clients only.
http_port 8080

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# NOTE(review): the first argument of cache_dir is the Squid storage scheme
# (ufs, aufs, diskd, rock), not the filesystem the directory lives on. "ext4"
# is not a storage scheme, which is consistent with cache_swap.sh failing at
# "init_cache_dir /cache_dir" in the log below - confirm with "squid -k parse".
# For ufs-style stores the numbers are size in MB, then first- and
# second-level directory counts.
cache_dir ext4 /cache_dir 100 16 256

# Leave coredumps in the first cache dir
#coredump_dir /var/spool/squid
coredump_dir /cache_dir

# Add any of your own refresh_pattern entries above these.
#
# Fields: regex, minimum age (minutes), percent of object age, maximum age
# (minutes). The cgi-bin / query-string rule keeps dynamic pages from being
# treated as fresh.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Account Squid switches to after being started as root. /cache_dir must be
# owned by or writable for this user and group.
cache_effective_user squid
cache_effective_group squid
#dns_testnames 8.8.8.8


----------------------

I am unable to start the Squid service and get the error below:

[root@nxtdevlnx09 ~]# service squid start
Redirecting to /bin/systemctl start  squid.service
Job for squid.service failed because the control process exited with error code. See "systemctl status squid.service" and "journalctl -xe" for details.
[root@nxtdevlnx09 ~]#
[root@nxtdevlnx09 ~]# systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2017-03-14 11:12:30 IST; 7s ago
  Process: 2104 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=1/FAILURE)

Mar 14 11:12:30 nxtdevlnx09 systemd[1]: Starting Squid caching proxy...
Mar 14 11:12:30 nxtdevlnx09 cache_swap.sh[2104]: init_cache_dir /cache_dir...
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: squid.service: control process exited, code=exited status=1
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: Failed to start Squid caching proxy.
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: Unit squid.service entered failed state.
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: squid.service failed.
[root@nxtdevlnx09 ~]#
[root@nxtdevlnx09 ~]# journalctl -xe
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-0.slice has begun starting up.
Mar 14 11:12:11 nxtdevlnx09 systemd[1]: Started Session 2 of user root.
-- Subject: Unit session-2.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-2.scope has finished starting up.
--
-- The start-up result is done.
Mar 14 11:12:11 nxtdevlnx09 systemd-logind[762]: New session 2 of user root.
-- Subject: A new session 2 has been created for user root
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
--
-- A new session with the ID 2 has been created for the user root.
--
-- The leading process of the session is 1960.
Mar 14 11:12:11 nxtdevlnx09 systemd[1]: Starting Session 2 of user root.
-- Subject: Unit session-2.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-2.scope has begun starting up.
Mar 14 11:12:11 nxtdevlnx09 sshd[1960]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 14 11:12:11 nxtdevlnx09 dbus[771]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Mar 14 11:12:11 nxtdevlnx09 dbus-daemon[771]: dbus[771]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Mar 14 11:12:11 nxtdevlnx09 dbus[771]: [system] Successfully activated service 'org.freedesktop.problems'
Mar 14 11:12:11 nxtdevlnx09 dbus-daemon[771]: dbus[771]: [system] Successfully activated service 'org.freedesktop.problems'
Mar 14 11:12:30 nxtdevlnx09 polkitd[808]: Registered Authentication Agent for unix-process:2088:34074 (system bus name :1.54 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedes
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: Starting Squid caching proxy...
-- Subject: Unit squid.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit squid.service has begun starting up.
Mar 14 11:12:30 nxtdevlnx09 cache_swap.sh[2104]: init_cache_dir /cache_dir...
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: squid.service: control process exited, code=exited status=1
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: Failed to start Squid caching proxy.
-- Subject: Unit squid.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit squid.service has failed.
--
-- The result is failed.
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: Unit squid.service entered failed state.
Mar 14 11:12:30 nxtdevlnx09 systemd[1]: squid.service failed.
Mar 14 11:12:31 nxtdevlnx09 polkitd[808]: Unregistered Authentication Agent for unix-process:2088:34074 (system bus name :1.54, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale e
