View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000921 | Endian Firewall | Application Level Proxies | public | 2008-06-06 18:38 | 2008-09-10 15:44 | ||||
Reporter | danielgines | ||||||||
Assigned To | simon-endian | ||||||||
Priority | normal | Severity | major | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 2.2-rc1 | ||||||||
Target Version | 2.2-rc3 | Fixed in Version | 2.2-rc2 | ||||||
Summary | 0000921: Active Directory And Squid Problem | ||||||||
Description | I was trying to authenticate Endian Squid users against an Active Directory, but after some tests, I figured out that Endian wrote a wrong squid.conf file for my AD. First, Endian is missing "-v 3" when used with the "Active Directory" LDAP option. Second, Endian is always missing the first LDAP level after the AD BaseDN, for example: I have: memberOf=cn=Internet,CN=Users,DC=teste,DC=com But Endian writes a squid.conf like this: memberOf=cn=Internet,DC=teste,DC=com Again I have: memberOf=CN=Administradores,CN=Builtin,DC=teste,DC=com But Endian writes a squid.conf like this: memberOf=cn=Administradores,DC=teste,DC=com | ||||||||
Additional Information | Here is my diff from the squid.conf generated by Endian and my squid.conf finally working against my Active Directory: root@efw:/etc/squid # diff -Nru squid.conf squid.conf-OK --- squid.conf 2008-06-04 21:03:38.000000000 -0300 +++ squid.conf-OK 2008-06-04 20:29:06.000000000 -0300
@@ -63,16 +63,16 @@ # START AUTHENTICATION # METHOD is LDAP -auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389 +auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,CN=Users,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389 auth_param basic children 20 auth_param basic realm Endian Advanced Proxy Server auth_param basic credentialsttl 60 minutes -external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389 +external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com"-w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389 -acl for_group1_users external ldap_group cn=Administradores,DC=teste,DC=com -acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com +acl for_group1_users external ldap_group cn=Administradores,CN=Builtin,DC=teste,DC=com +acl for_group3_users external ldap_group cn=Internet,CN=Users,DC=teste,DC=com acl for_inetusers proxy_auth REQUIRED # END AUTHENTICATION Has all of you can see, Endian is missing "CN=Builtin", "CN=Users" and "-v 3" from configurarion. I guess it's a problem with ldap_enabled_groups variable. | ||||||||
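Review bot: In the added auth_param line the filter still carries memberOf=cn=Administradores,DC=teste,DC=com, without the CN=Builtin component that the added acl for_group1_users line uses, so the group DN in the authentication filter and the one in the ACL disagree; use cn=Administradores,CN=Builtin,DC=teste,DC=com in both places. In the added external_acl_type line there is no space between the closing quote of the -D value and -w ("...DC=teste,DC=com"-w "PASSWORD"); if that is in the real file and not a paste artifact, the helper's arguments will not be split as intended. Both helper lines also bind as CN=Administrador with the password given inline via -w to 192.168.0.200:389; a dedicated low-privilege bind account, with the password read from a file through the helpers' -W option, would limit what a readable squid.conf or process listing exposes.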
Tags | No tags attached. | ||||||||
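A lint for the two defects described in this report, added here as an example (not Endian's or the reporter's code): it checks each LDAP helper line for `-v 3`, checks that every `ldap_group` ACL DN also appears in the authentication filter, and flags group DNs that sit directly under the base DN. The function names, finding codes and the directly-under-base heuristic are assumptions; the sample is constructed from the two squid.conf versions quoted above.

```python
import re
import shlex

def norm(dn):
    """Comparison key for a DN (simplified: lowercases, ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def opt(args, flag):  # value following a command-line flag, or None if absent
    return args[args.index(flag) + 1] if flag in args[:-1] else None

def lint(conf):
    """Return sorted (code, detail) findings for squid.conf LDAP helper lines."""
    findings, filter_dns, acl_dns, base = set(), set(), {}, None
    for line in conf.splitlines():
        args = shlex.split(line, comments=True)
        if args[:3] == ["auth_param", "basic", "program"] or args[:1] == ["external_acl_type"]:
            helper = next(a for a in args if a.startswith("/")).rsplit("/", 1)[-1]
            base = norm(opt(args, "-b") or "")
            if opt(args, "-v") != "3":  # helper not told to speak LDAPv3
                findings.add(("no-ldapv3", helper))
            # Literal group DNs in the filter; "%g"-style placeholders are skipped.
            for dn in re.findall(r"\(memberOf=([^()%]+)\)", opt(args, "-f") or ""):
                filter_dns.add(norm(dn))
        elif args[:1] == ["acl"] and args[2:4] == ["external", "ldap_group"]:
            acl_dns[args[1]] = norm(" ".join(args[4:]))
    for name, dn in acl_dns.items():
        if filter_dns and dn not in filter_dns:
            findings.add(("acl-dn-not-in-auth-filter", name))
    for dn in filter_dns | set(acl_dns.values()):
        # Assumed heuristic: one level below the base DN may mean a lost container RDN.
        if dn.split(",", 1)[1:] == [base]:
            findings.add(("group-directly-under-base", dn))
    return sorted(findings)

# Sample constructed from the two squid.conf versions quoted in the report.
TEMPLATE = '''# START AUTHENTICATION
auth_param basic program /usr/lib/squid/squid_ldap_auth {v} -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf={f1})(memberOf={f2})))" -u sAMAccountName -P 192.168.0.200:389
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group {v} -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389
acl for_group1_users external ldap_group {a1}
acl for_group3_users external ldap_group {a2}
acl for_inetusers proxy_auth REQUIRED
'''
ROOT = "DC=teste,DC=com"
GENERATED = TEMPLATE.format(v="", f1="cn=Administradores," + ROOT, f2="cn=Internet," + ROOT,
                            a1="cn=Administradores," + ROOT, a2="cn=Internet," + ROOT)
WORKING = TEMPLATE.format(v="-v 3", f1="cn=Administradores," + ROOT, f2="cn=Internet,CN=Users," + ROOT,
                          a1="cn=Administradores,CN=Builtin," + ROOT, a2="cn=Internet,CN=Users," + ROOT)
if __name__ == "__main__":
    print(lint(GENERATED), lint(WORKING), sep="\n")
```

On the generated form it reports the missing `-v 3` on both helpers and both truncated group DNs; on the reporter's working form it still reports that the `for_group1_users` ACL DN does not match the DN left in the authentication filter.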
(0001318) Anonymous (viewer) 2008-06-16 14:45 |
where is the patch ? tks |
(0001431) simon-endian (developer) 2008-07-10 09:04 |
it will be included in the 2.2 rc2 |
Date Modified | Username | Field | Change |
2008-06-06 18:38 | danielgines | New Issue | |
2008-06-06 18:55 | peter-endian | Assigned To | => simon-endian |
2008-06-06 18:55 | peter-endian | Status | new => assigned |
2008-06-06 18:55 | peter-endian | Target Version | => 2.2 |
2008-06-12 13:23 | simon-endian | Status | assigned => resolved |
2008-06-12 13:23 | simon-endian | Fixed in Version | => 2.2 |
2008-06-12 13:23 | simon-endian | Resolution | open => fixed |
2008-06-16 14:45 | Anonymous | Status | resolved => feedback |
2008-06-16 14:45 | Anonymous | Resolution | fixed => reopened |
2008-06-16 14:45 | Anonymous | Note Added: 0001318 | |
2008-07-10 09:04 | simon-endian | Note Added: 0001431 | |
2008-07-10 09:04 | simon-endian | Status | feedback => closed |
2008-07-10 09:04 | simon-endian | Resolution | reopened => fixed |
2008-07-10 09:04 | simon-endian | Fixed in Version | 2.2 => 2.2-rc2 |
2008-09-10 15:44 | chris-endian | Target Version | 2.2 => 2.2-rc3 |