Squid + Authentication Method : NT Domain



  • When I configure this authentication method, Squid hangs with this error:

    pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2016/06/15 15:52:08| ERROR: Authentication helper program /usr/local/libexec/squid/basic_msnt_auth: (2) No such file or directory FATAL: Authentication helper program /usr/local/libexec/squid/basic_msnt_auth: (2) No such file or directory Squid Cache (Version 3.5.19): Terminated abnormally. CPU Usage: 0.025 seconds = 0.013 user + 0.013 sys Maximum Resident Size: 45664 KB Page faults with physical i/o: 0'

    And the file does not exist in that directory.
    Has anyone tried that configuration?

    Thanks in advance!



  • I'm trying at the moment. Seems that at least NT Domain and LDAP auth are not working properly at the moment. The 'basic_msnt_auth' helper does not exist in the filesystem.

    When setting up LDAP auth via the web interface, pfSense adds a colon to the IP address of the LDAP server when writing the configuration file '/usr/local/etc/squid/squid.conf'.

    auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -v 2 -b OU=Verwaltungsstruktur,DC=abcdefghij123 -D xxxxxxxxx -w xxxxxxxxxxxxx -f "sAMAccountName=%s" -u  -P 192.168.XXX.XXX:
    
    

    The colon is also added when using the FQDN instead of an IP address for the LDAP server.

    Removing the colon in squid.conf results in a working LDAP configuration, but any change to the config via the web interface breaks it again.

    I'm using 2.3.2-RELEASE-p1 (amd64) on an APU2C4 at the moment.


  • Banned

    This should use basic_msnt_multi_domain_auth instead. Pretty sure it also is missing bunch of perl dependencies. When you take a package written for Squid 3.3.x and use it for Squid 3.5.x, things break.

    Pull requests go to https://github.com/pfsense/FreeBSD-ports/tree/devel/www/pfSense-pkg-squid

    Good luck.



  • @doktornotor:

    This should use basic_msnt_multi_domain_auth instead. Pretty sure it also is missing bunch of perl dependencies. […]

    It does  ::)

    Can't locate Authen/Smb.pm in @INC (you may need to install the Authen::Smb module) \
     (@INC contains: /usr/local/lib/perl5/site_perl/mach/5.20 /usr/local/lib/perl5/site_perl \
    /usr/local/lib/perl5/5.20/mach /usr/local/lib/perl5/5.20 /usr/local/lib/perl5/site_perl/5.20 \
     /usr/local/lib/perl5/site_perl/5.20/mach .) at /usr/local/libexec/squid/basic_msnt_multi_domain_auth line 103. \
    BEGIN failed--compilation aborted at /usr/local/libexec/squid/basic_msnt_multi_domain_auth line 103.
    
    

  • Banned

    https://redmine.pfsense.org/issues/7017

    As for your trailing : for LDAP, that's just PHP being retarded. If you don't have a port set, then set it and it will go away. See https://github.com/pfsense/FreeBSD-ports/pull/232


  • Banned

    LDAP/RADIUS should work with 0.4.26.

    NT Domain auth is gone with 0.4.29.
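
Added example (not part of the thread and not pfSense package code): a Python check that scans a squid.conf for the two failures reported above, an `auth_param ... program` helper that is missing on disk and a `basic_ldap_auth` server argument left with a trailing colon. The function name `lint_auth_helpers`, the sample config and its placeholder values are constructed, and the check assumes the LDAP server is the last argument on the helper line, as in the line quoted in the thread.

```python
import os
import re
import shlex

# Constructed sample modelled on the squid.conf line quoted in the thread;
# DN, credentials and address are placeholders.
SAMPLE_CONF = '''\
http_port 3128
auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -v 2 -b OU=Example,DC=example -D binduser -w bindpass -f "sAMAccountName=%s" -u  -P 192.0.2.10:
auth_param basic children 5
'''

PROGRAM_RE = re.compile(r'\s*auth_param\s+\S+\s+program\s+(.+)$')


def lint_auth_helpers(conf_text, is_executable=None):
    """Return a list of (line_number, message) findings for helper lines."""
    if is_executable is None:
        is_executable = lambda p: os.path.isfile(p) and os.access(p, os.X_OK)
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = PROGRAM_RE.match(line)
        if not m:
            continue
        try:
            argv = shlex.split(m.group(1))
        except ValueError as exc:
            findings.append((no, f"unparseable helper command: {exc}"))
            continue
        helper = argv[0]
        # Failure 1: squid -k reconfigure exits with "(2) No such file or directory".
        if not is_executable(helper):
            findings.append((no, f"helper missing or not executable: {helper}"))
        # Failure 2: host written as "host:" because no port was set.
        # Assumption: the LDAP server is the last argument on the line.
        if os.path.basename(helper) == "basic_ldap_auth" and len(argv) > 1:
            server = argv[-1]
            if server.startswith("-") or "://" in server:
                continue  # no positional host, or a URI; not checked here
            _host, sep, port = server.rpartition(":")
            if sep and not port.isdigit():
                findings.append((no, f"LDAP server has empty or non-numeric port: {server!r}"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_auth_helpers(SAMPLE_CONF):
        print(f"squid.conf:{no}: {msg}")
```

Running it against the generated file after each change in the web interface shows whether the configuration was rewritten with the broken server argument.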