Netgate Discussion Forum
    Squid + Authentication Method : NT Domain

    • E
      exa_gon

      When I configure this authentication method, Squid hangs with this error:

      pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2016/06/15 15:52:08| ERROR: Authentication helper program /usr/local/libexec/squid/basic_msnt_auth: (2) No such file or directory FATAL: Authentication helper program /usr/local/libexec/squid/basic_msnt_auth: (2) No such file or directory Squid Cache (Version 3.5.19): Terminated abnormally. CPU Usage: 0.025 seconds = 0.013 user + 0.013 sys Maximum Resident Size: 45664 KB Page faults with physical i/o: 0'

      And the file does not exist in that directory.
      Has anyone tried that configuration?

      Thanks in advance!

      • A
        AWeidner

        I'm trying at the moment. Seems that at least NT Domain and LDAP auth are not working properly at the moment. The 'basic_msnt_auth' helper does not exist in the filesystem.

        Setting up LDAP auth via the web interface, pfSense adds a colon to the IP address of the LDAP server when writing the configuration file '/usr/local/etc/squid/squid.conf'.

        auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -v 2 -b OU=Verwaltungsstruktur,DC=abcdefghij123 -D xxxxxxxxx -w xxxxxxxxxxxxx -f "sAMAccountName=%s" -u  -P 192.168.XXX.XXX:
        
        

        The colon is added when using the FQDN instead of an IP address for the LDAP server, too.

        Removing the colon in squid.conf results in a working LDAP configuration, but any change to the config via the web interface breaks it again.

        I'm using 2.3.2-RELEASE-p1 (amd64) on an APU2C4 at the moment.

        • D
          doktornotor Banned

          This should use basic_msnt_multi_domain_auth instead. Pretty sure it also is missing a bunch of Perl dependencies. When you take a package written for Squid 3.3.x and use it for Squid 3.5.x, things break.

          Pull requests go to https://github.com/pfsense/FreeBSD-ports/tree/devel/www/pfSense-pkg-squid

          Good luck.

          • A
            AWeidner

            @doktornotor:

            This should use basic_msnt_multi_domain_auth instead. Pretty sure it also is missing a bunch of Perl dependencies. […]

            It does  ::)

            Can't locate Authen/Smb.pm in @INC (you may need to install the Authen::Smb module) \
             (@INC contains: /usr/local/lib/perl5/site_perl/mach/5.20 /usr/local/lib/perl5/site_perl \
            /usr/local/lib/perl5/5.20/mach /usr/local/lib/perl5/5.20 /usr/local/lib/perl5/site_perl/5.20 \
             /usr/local/lib/perl5/site_perl/5.20/mach .) at /usr/local/libexec/squid/basic_msnt_multi_domain_auth line 103. \
            BEGIN failed--compilation aborted at /usr/local/libexec/squid/basic_msnt_multi_domain_auth line 103.
            
            
            • D
              doktornotor Banned

              https://redmine.pfsense.org/issues/7017

              As for your trailing : for LDAP, that's just PHP being retarded. If you don't have a port set, then set it and it will go away. See https://github.com/pfsense/FreeBSD-ports/pull/232

              • D
                doktornotor Banned

                LDAP/RADIUS should work with 0.4.26.

                NT Domain auth is gone with 0.4.29.

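Both failures reported in this thread (an authentication helper that is not on disk, and an LDAP server written as `host:` with no port) can be caught by linting squid.conf before `squid -k reconfigure` is run. The script below is an added example, not code from the thread or from the pfSense package; the function names, the sample config with its placeholder address and DN, and the assumption that the LDAP server is the helper's last argument are assumptions made here.

```shell
#!/bin/sh
# Lint the "auth_param basic program" lines of a squid.conf for the two
# failures in this thread: a helper that is not on disk, and an LDAP
# server argument left as "host:" with no port.

# Constructed sample input (placeholder address and DN, not a real config).
sample_conf() {
    cat <<'EOF'
http_port 3128
auth_param basic program /usr/local/libexec/squid/basic_msnt_auth
auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -v 2 -b DC=example,DC=test -f "sAMAccountName=%s" -P 192.0.2.10:
auth_param basic children 5
EOF
}

# check_squid_auth FILE: print one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if FILE is unreadable.
# Assumption: the LDAP server is the helper's last argument, as in the thread.
check_squid_auth() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    findings=$(awk '$1 == "auth_param" && $2 == "basic" && $3 == "program" {
                        print NR, $4, $NF      # line number, helper path, last argument
                    }' "$file" |
        while read -r lineno helper last; do
            # Squid aborts with a FATAL error if the helper cannot be executed.
            [ -x "$helper" ] ||
                echo "line $lineno: helper missing or not executable: $helper"
            case $helper in
                */basic_ldap_auth)
                    case $last in
                        *:) echo "line $lineno: LDAP server '$last' has a trailing ':' but no port" ;;
                    esac ;;
            esac
        done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: lint the file given as $1, or the constructed sample if none.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp)
    sample_conf > "$conf"
    check_squid_auth "$conf" || true
    rm -f "$conf"
else
    check_squid_auth "$conf" || true
fi
```

On a firewall this would be run against /usr/local/etc/squid/squid.conf after each change made through the web interface, since the thread reports that saving there rewrites the file.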
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.