[Php-it] Squid, LDAP authentication and Windows 2003 Server

Cosimo Leo leo.mimmo at gmail.com
Tue Sep 25 12:25:37 CEST 2007


Hi everyone!

In the hope that this message reaches the list, here is my problem.

In any case, sorry for the OT, but I no longer know who to ask.

I should say up front that this is the first time I have worked with Squid.
The situation is as follows:
I have a machine running Windows 2003 Server that is a domain controller.
On this machine I installed SquidNT version 2.6 STABLE 16.
With the help of various information found online I put together a very
simple configuration.
I then tried the various user authentication methods and ran into
difficulties with the squid_ldap_auth helper.
In practice, when I try to open a web page from the server the
authentication window appears, but whatever values I enter in the username
and password fields, I am never authenticated, until, after the third
attempt, a page appears with the following error message: "Cache Access Denied".

In the domain, besides the Administrator user, I created 2 more users:
1) test, in the users folder
2) prova, in the built-in folder

I cannot authenticate with the credentials of any of them (including the
Administrator user).

I tested the LDAP connection using the relevant PHP functions and it seems
to work.

I am pasting the contents of the configuration file below.

##########################################################################################
http_port 3128
icp_port 3130
cache_mem 8 MB
cache_dir ufs D:/squid/var/cache 100 16 256
cache_access_log D:/squid/var/logs/access.log
cache_log D:/squid/var/logs/cache.log
cache_store_log D:/squid/var/logs/store.log
emulate_httpd_log off
mime_table D:/squid/etc/mime.conf
pid_filename D:/squid/var/run/squid.pid

auth_param basic program D:/squid/libexec/squid_ldap_auth.exe -b "dc=sedecentrale,dc=biesseitalia,dc=it" ### I also tried the -D -w -R -P parameters, but no luck ####
auth_param basic children 5
auth_param basic realm NTLM
auth_param basic credentialsttl 5 minutes

acl password proxy_auth REQUIRED

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl locallan src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow password
icp_access allow all
miss_access allow all
cache_mgr netmaster at nome_azienda.com
visible_hostname proxy.nome_azienda.com
unique_hostname proxy.nome_azienda.com
forwarded_for off
#############################################################################

The last part of the cache.log file

############################################################################
2007/09/21 10:07:38| Starting Squid Cache version 2.6.STABLE16 for i686-pc-winnt...
2007/09/21 10:07:38| Running as Squid Windows System Service on Windows Server 2003
2007/09/21 10:07:38| Service command line is: servicecommandline
2007/09/21 10:07:38| Process ID 3144
2007/09/21 10:07:38| With 2048 file descriptors available
2007/09/21 10:07:38| With 2048 CRT stdio descriptors available
2007/09/21 10:07:38| Windows sockets initialized
2007/09/21 10:07:38| Using select for the IO loop
2007/09/21 10:07:38| Performing DNS Tests...
2007/09/21 10:07:38| Successful DNS name lookup tests...
2007/09/21 10:07:38| DNS Socket created at 0.0.0.0, port 1754, FD 5
2007/09/21 10:07:38| Adding nameserver 193.70.192.25 from Registry
2007/09/21 10:07:38| Adding nameserver 193.70.152.25 from Registry
2007/09/21 10:07:38| Adding nameserver 193.70.192.25 from Registry
2007/09/21 10:07:38| Adding nameserver 193.70.152.25 from Registry
2007/09/21 10:07:38| helperOpenServers: Starting 5 'squid_ldap_auth.exe' processes
2007/09/21 10:07:38| User-Agent logging is disabled.
2007/09/21 10:07:38| Referer logging is disabled.
2007/09/21 10:07:38| Unlinkd pipe opened on FD 28
2007/09/21 10:07:38| Swap maxSize 102400 KB, estimated 7876 objects
2007/09/21 10:07:38| Target number of buckets: 393
2007/09/21 10:07:38| Using 8192 Store buckets
2007/09/21 10:07:38| Max Mem  size: 8192 KB
2007/09/21 10:07:38| Max Swap size: 102400 KB
2007/09/21 10:07:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/09/21 10:07:38| Rebuilding storage in D:/squid/var/cache (CLEAN)
2007/09/21 10:07:38| Using Least Load store dir selection
2007/09/21 10:07:38| Current Directory is D:\squid\sbin
2007/09/21 10:07:38| Loaded Icons.
2007/09/21 10:07:38| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 34.
2007/09/21 10:07:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 35.
2007/09/21 10:07:38| Accepting HTCP messages on port 4827, FD 36.
2007/09/21 10:07:38| Accepting SNMP messages on port 3401, FD 37.
2007/09/21 10:07:38| Ready to serve requests.
2007/09/21 10:07:38| Done reading D:/squid/var/cache swaplog (0 entries)
2007/09/21 10:07:38| Finished rebuilding storage from disk.
2007/09/21 10:07:38|         0 Entries scanned
2007/09/21 10:07:38|         0 Invalid entries.
2007/09/21 10:07:38|         0 With invalid flags.
2007/09/21 10:07:38|         0 Objects loaded.
2007/09/21 10:07:38|         0 Objects expired.
2007/09/21 10:07:38|         0 Objects cancelled.
2007/09/21 10:07:38|         0 Duplicate URLs purged.
2007/09/21 10:07:38|         0 Swapfile clashes avoided.
2007/09/21 10:07:38|   Took 0.1 seconds (   0.0 objects/sec).
2007/09/21 10:07:38| Beginning Validation Procedure
2007/09/21 10:07:38|   Completed Validation Procedure
2007/09/21 10:07:38|   Validated 0 Entries
2007/09/21 10:07:38|   store_swap_size = 0k
2007/09/21 10:07:39| storeLateRelease: released 0 objects
###################################################################################

The last part of the contents of the access.log file

############################################################################
1190362316.433     10 127.0.0.1 TCP_MISS/200 1059 GET cache_object://localhost/basicauthenticator - NONE/- text/plain
1190362317.164      0 127.0.0.1 TCP_MISS/200 1059 GET cache_object://localhost/basicauthenticator - NONE/- text/plain
1190362317.925      0 127.0.0.1 TCP_MISS/200 1059 GET cache_object://localhost/basicauthenticator - NONE/- text/plain
1190363194.926      0 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ bsitalia NONE/- text/html
1190363196.208     20 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ bsitalia NONE/- text/html
1190363198.211     20 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ bsitalia NONE/- text/html
1190363198.231     20 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ bsitalia NONE/- text/html
1190363849.026     30 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ administrator at sedecentrale.biesseitalia.it NONE/- text/html
1190363875.144     30 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ sedecentrale.biesseitalia.it/administrator NONE/- text/html
1190363890.817      0 127.0.0.1 TCP_MISS/200 1061 GET cache_object://localhost/basicauthenticator - NONE/- text/plain
1190364987.844       0 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ sedecentrale.biesseitalia.it/administrator NONE/- text/html
############################################################

I hope you can help me

BYE BYE
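
Added example, not part of the original post: a small triage script for the access.log excerpt above. It counts the 407 denials that carried a login and shows, for each login string, the bind DN that squid_ldap_auth documents it will construct (`userattr=login,basedn`, with `userattr` defaulting to `uid`) when only `-b` is configured. The function names and the re-joined sample lines are constructed for illustration.

```python
from collections import Counter
# From the posted squid.conf: -b base DN, with no -f filter and no -u option.
BASE_DN = "dc=sedecentrale,dc=biesseitalia,dc=it"
USER_ATTR = "uid"  # squid_ldap_auth default for -u
# Constructed sample: entries from the post, re-joined; "@" restored from " at ".
SAMPLE_LOG = """\
1190362316.433     10 127.0.0.1 TCP_MISS/200 1059 GET cache_object://localhost/basicauthenticator - NONE/- text/plain
1190363194.926      0 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ bsitalia NONE/- text/html
1190363196.208     20 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ bsitalia NONE/- text/html
1190363849.026     30 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ administrator@sedecentrale.biesseitalia.it NONE/- text/html
1190363875.144     30 192.168.0.250 TCP_DENIED/407 1831 GET http://www.google.it/ sedecentrale.biesseitalia.it/administrator NONE/- text/html
"""

def parse_line(line):
    """Split a native-format access.log line into the fields used here."""
    parts = line.split()
    status = parts[3].partition("/")[2] if len(parts) == 10 else ""
    if not status.isdigit():
        return None  # wrapped, truncated or malformed entry
    return {"client": parts[2], "status": int(status), "user": parts[7]}

def login_form(user):
    if "@" in user:
        return "upn"
    if "/" in user or "\\" in user:
        return "domain-qualified"
    return "bare"

def constructed_dn(user):
    """Bind DN formed from login + base DN when no -f filter is set (unescaped)."""
    return f"{USER_ATTR}={user},{BASE_DN}"

def rejected_logins(log_text):
    """Count 407 denials per (client, login) where a login was actually sent."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 407 and rec["user"] != "-":
            counts[(rec["client"], rec["user"])] += 1
    return counts

def report(log_text):
    """One row per rejected login: client, login, form, attempts, bind DN."""
    return [(c, u, login_form(u), n, constructed_dn(u))
            for (c, u), n in sorted(rejected_logins(log_text).items())]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Comparing the printed DNs with the real distinguished names of the accounts in the directory shows whether a search filter (`-f`) and a bind account (`-D`/`-w`) are needed for the helper to locate the user.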