4. Squid + Authentication Method : NT Domain

Squid + Authentication Method : NT Domain

  • E

    When I configure this authentication methed Squid hang with that error :

    pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2016/06/15 15:52:08| ERROR: Authentication helper program /usr/local/libexec/squid/basic_msnt_auth: (2) No such file or directory FATAL: Authentication helper program /usr/local/libexec/squid/basic_msnt_auth: (2) No such file or directory Squid Cache (Version 3.5.19): Terminated abnormally. CPU Usage: 0.025 seconds = 0.013 user + 0.013 sys Maximum Resident Size: 45664 KB Page faults with physical i/o: 0'

    And the file does not exist in that directory.
    Someone have tried that configuration ?

    thanks in advance!

    0
  • A

    I'm trying at the moment. Seems that at least NT Domain and LDAP auth are not working properly at the moment. The 'basic_msnt_auth' helper does not exist in the filesystem.

    Setting up LDAP auth via the Web Interface, pfsense adds a colon to the IP address of the LDAP server when writing the configuration file ' /usr/local/etc/squid/squid.conf'.

    auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -v 2 -b OU=Verwaltungsstruktur,DC=abcdefghij123 -D xxxxxxxxx -w xxxxxxxxxxxxx -f "sAMAccountName=%s" -u  -P 192.168.XXX.XXX:

    The colon is added when using the FQDN instead of an IP address for the LDAP server, too

    Removing the colon in squid.conf results in a working LDAP configuration, but any change to the config via the web interface breaks it again.

    I'm using 2.3.2-RELEASE-p1 (amd64) on an APU2C4 at the moment.

    0
  • D
    Banned

    This should use basic_msnt_multi_domain_auth instead. Pretty sure it also is missing bunch of perl dependencies. When you take a package written for Squid 3.3.x and use it for Squid 3.5.x, things break.

    Pull requests go to https://github.com/pfsense/FreeBSD-ports/tree/devel/www/pfSense-pkg-squid

    Good luck.

    0
  • A

    @doktornotor:

    This should use basic_msnt_multi_domain_auth instead. Pretty sure it also is missing bunch of perl dependencies. […]

    It does  ::)

    Can't locate Authen/Smb.pm in @INC (you may need to install the Authen::Smb module) \
 (@INC contains: /usr/local/lib/perl5/site_perl/mach/5.20 /usr/local/lib/perl5/site_perl \
/usr/local/lib/perl5/5.20/mach /usr/local/lib/perl5/5.20 /usr/local/lib/perl5/site_perl/5.20 \
 /usr/local/lib/perl5/site_perl/5.20/mach .) at /usr/local/libexec/squid/basic_msnt_multi_domain_auth line 103\. \
BEGIN failed--compilation aborted at /usr/local/libexec/squid/basic_msnt_multi_domain_auth line 103.
    0
  • D
    Banned

    https://redmine.pfsense.org/issues/7017

    As for your trailing : for LDAP, that's just PHP being retarded. If you don't have a port set, then set it and it will go away. See https://github.com/pfsense/FreeBSD-ports/pull/232

    0
  • D
    Banned

    LDAP/RADIUS should work with 0.4.26.

    NT Domain auth is gone with 0.4.29.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy