Squidguard Ldap Auth Not Working

29-May-2008, 07:43
Anderson Deluiz

Hi all!

We have squid (v2.5.STABLE12) + squidguard (v1.3 Sleepycat Software: Berkeley DB 4.3.29) working today using LDAP simple authentication against a MS W2K3 AD Server. It runs on SLES 10 SP1 32-bit and works fine!

Now, to improve security, we are installing a new server to test squid (v2.5.STABLE12) + winbindd (samba v3.0.24) + kerberos (MIT krb5 v1.4.3) + squidguard (v1.3 Sleepycat Software: Berkeley DB 4.3.29). I’ve configured and tested squid + winbindd + kerberos and they are working fine. Squid can authenticate a user. But I have a problem with squidGuard: I can’t authenticate it against the AD server anymore, even using the same LDAP query (in fact, the same config file) that is working today. Here is the message that appears in the squidGuard.log file:

Code:
2008-05-26 16:43:43 [5977] squidGuard ready for requests (1211831023.527)
2008-05-26 16:44:23 [5977] (squidGuard): ldap_search_ext_s failed: Operations error (params: dc=domain,dc=com,dc=br, 2, (&(objectclass=user)(sAMAccountName=myuser)(memberof=cn=mygroup,cn=users,dc=domain,dc=com,dc=br)), sAMAccountName)
2008-05-26 16:44:23 [5977] Added LDAP source: myuser

I searched on Google but didn’t find anything relevant, just a few pieces of code.

Here is the piece of log from squid’s cache.log file regarding the squidguard log above:

Code:
[2008/05/26 16:44:35, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
**Got user=[myuser] domain=[DOMAIN] workstation=[WORKSTATION] len1=24 len2=24
[2008/05/26 16:44:35, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
**NTLMSSP Sign/Seal - Initialising with flags:
[2008/05/26 16:44:35, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
**Got NTLMSSP neg_flags=0xa2088205
2008/05/26 16:44:35| The request GET http://www.uol.com.br/ is ALLOWED, because it matched 'password'
2008/05/26 16:44:35| carpSelectParent: CARP Calculating hash for http://myhttpserver/cgi-bin/bloq?url...rgetgroup=none
2008/05/26 16:44:35| The reply for GET http://myhttpserver/cgi-bin/bloq?url...rgetgroup=none is ALLOWED, because it matched 'all'
2008/05/26 16:44:35| fwdServerClosed: FD 27 http://myhttpserver/cgi-bin/bloq?url...rgetgroup=none

Any idea what is happening?

SquidGuard was compiled with these settings:

# ./configure --prefix=/usr/local/squidGuard --with-db --with-ldap

LDAP development package is provided by SUSE and is openldap2-devel-2.3.32-0.10.

Thanks in advance.
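
Replaying the failing search outside squidGuard shows whether the directory rejects the query itself or only squidGuard's connection. The script below is an added example, not part of the original post or of squidGuard: it parses the failure line from squidGuard.log and builds the equivalent OpenLDAP `ldapsearch` call. The server URI and bind DN are placeholders, and the line format is assumed from the single log line quoted above.

```python
import re
import shlex

# Shape of the failure line as it appears in the squidGuard.log excerpt above.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[(?P<pid>\d+)\] .*?"
    r"ldap_search_ext_s failed: (?P<error>.+?) "
    r"\(params: (?P<base>.*?), (?P<scope>\d+), "
    r"(?P<filter>.*), (?P<attr>[^,()\s]+)\)\s*$"
)
# Numeric LDAP search scopes mapped to the names ldapsearch -s accepts.
SCOPES = {0: "base", 1: "one", 2: "sub"}


def parse_failure(line):
    """Return the search parameters from a failure line, or None if no match."""
    m = FAILED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["scope"] = SCOPES.get(int(rec["scope"]), rec["scope"])
    return rec


def ldapsearch_argv(rec, uri, bind_dn):
    """Build an ldapsearch call: simple bind (-x), password prompted (-W)."""
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", rec["base"], "-s", rec["scope"], rec["filter"], rec["attr"]]


# Two lines copied from the log excerpt in the post: one that must not
# match and the failure line itself.
SAMPLE = [
    "2008-05-26 16:43:43 [5977] squidGuard ready for requests (1211831023.527)",
    "2008-05-26 16:44:23 [5977] (squidGuard): ldap_search_ext_s failed: "
    "Operations error (params: dc=domain,dc=com,dc=br, 2, "
    "(&(objectclass=user)(sAMAccountName=myuser)"
    "(memberof=cn=mygroup,cn=users,dc=domain,dc=com,dc=br)), sAMAccountName)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_failure(line)
        if rec:
            # Placeholder URI and bind DN: substitute the real AD server
            # and the account squidGuard is configured to bind with.
            argv = ldapsearch_argv(rec, "ldap://AD-SERVER.example",
                                   "cn=BIND-USER,cn=users,dc=domain,dc=com,dc=br")
            print(rec["ts"], rec["error"])
            print(shlex.join(argv))
```

Running the printed command with and without the `-D`/`-W` bind options shows whether the same base, scope and filter succeed once a bind is in place.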