Netgate Discussion Forum

    SOLVED -> Squid + Auth + AD = Problem

    • J Offline
      JEU
      last edited by

      pfSense 1.2.2 + squid 2.7.7 (non-transparent) + squidguard 1.3-2 (disabled until squid auth works…)
      Hello, I'm trying to get squid auth working against Win2003 AD. I've read:

      http://forum.pfsense.org/index.php/topic,19450.0.html
      http://forum.pfsense.org/index.php/topic,15596.0.html
      http://forum.pfsense.org/index.php/topic,12954.0.html

      Still no success :(. My conf is this one:

      LDAP: v3
      LDAP Server User DN:  cn=wwww,cn=users,dc=xxxxx,dc=yyy,dc=zz
      LDAP Base Domain:     cn=users,dc=xxxxx,dc=yyy,dc=zz
      LDAP Search Filter:      sAMAccountName=%s

      Which generates these conf lines in squid.conf:

      auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b cn=users,dc=xxxxx,dc=yyy,dc=zz -D cn=wwww,cn=users,dc=xxxxx,dc=yyy,dc=zz -w mypass -f "sAMAccountName=%s" -u uid -P servername
      auth_param basic children 5
      auth_param basic realm xxxxx.yyy.zz
      auth_param basic credentialsttl 60 minutes
      acl password proxy_auth REQUIRED
      http_access allow password localnet

      Error Logs in System:

      Nov 18 15:44:03 squid[31924]: Squid Parent: child process 31927 started
      Nov 18 15:44:03 squid[31927]: The basicauthenticator helpers are crashing too rapidly, need help!
      Nov 18 15:44:03 kernel: pid 31927 (squid), uid 62: exited on signal 6
      Nov 18 15:44:03 squid[31924]: Squid Parent: child process 31927 exited due to signal 6

      Error Logs in cache.log:

      2009/11/18 15:43:16| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 19.
      2009/11/18 15:43:16| WCCP Disabled.
      2009/11/18 15:43:16| Ready to serve requests.
      2009/11/18 15:43:16| WARNING: basicauthenticator #1 (FD 7) exited
      2009/11/18 15:43:16| WARNING: basicauthenticator #2 (FD 8) exited
      2009/11/18 15:43:16| WARNING: basicauthenticator #3 (FD 9) exited
      2009/11/18 15:43:16| Too few basicauthenticator processes are running
      FATAL: The basicauthenticator helpers are crashing too rapidly, need help!

      Squid Cache (Version 2.7.STABLE7): Terminated abnormally.
      CPU Usage: 0.049 seconds = 0.020 user + 0.029 sys
      Maximum Resident Size: 7360 KB
      Page faults with physical i/o: 0

      Updated Info:

      From cache.log: /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.7" not found, required by "(squid_ldap_auth)"

      Library missing!!! XD. If someone has this error, the solution is to download the latest package from FreeBSD (openldap-client-2.4.19) and replace the older version (openldap-client-2.4.10) in pfSense ;)

      1 Reply Last reply Reply Quote 0
      • T Offline
        titus91360
        last edited by

        How do I replace the current version?
        Any command to type?

        1 Reply Last reply Reply Quote 0
        • O Offline
          ozanus
          last edited by

          Hello,
          I am now testing pfSense 1.2.2 and 1.2.3 with squid 2.6.20 and squid 2.7.7. I need LDAP auth with Windows AD 2003.
          I'm having the same problem. I don't have any solution.

          My cache.log:

          Squid Cache (Version 2.6.STABLE21): Terminated abnormally.
          CPU Usage: 0.034 seconds = 0.000 user + 0.034 sys
          Maximum Resident Size: 5040 KB
          Page faults with physical i/o: 0
          2009/11/19 13:33:39| Starting Squid Cache version 2.6.STABLE21 for i386-portbld-freebsd7.0…
          2009/11/19 13:33:39| Process ID 10044
          2009/11/19 13:33:39| With 3520 file descriptors available
          2009/11/19 13:33:39| Using kqueue for the IO loop
          2009/11/19 13:33:39| Performing DNS Tests...
          2009/11/19 13:33:39| Successful DNS name lookup tests...
          2009/11/19 13:33:39| helperOpenServers: Starting 5 'dnsserver' processes
          2009/11/19 13:33:39| helperOpenServers: Starting 5 'squid_ldap_auth' processes
          /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
          /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
          /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
          /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
          2009/11/19 13:33:39| User-Agent logging is disabled.
          2009/11/19 13:33:39| Referer logging is disabled.
          /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"


          1 Reply Last reply Reply Quote 0
          • O Offline
            ozanus
            last edited by

            Hey bro,
            I solved the openldap problem.

            Remove openldap from the system:

            pkg_delete -f openldap-client-2.4.10

            Install the new openldap version:

            pkg_add -r http://files.pfsense.org/packages/7/All/openldap-client-2.4.11.tbz

            rehash

            Restart squid and set the LDAP settings, but the new problem is that it doesn't authenticate against Active Directory :(

            tail /var/squid/log/cache.log

            2009/11/19 14:34:16| WARNING: basicauthenticator #3 (FD 19) exited
            2009/11/19 14:34:16| Too few basicauthenticator processes are running
            2009/11/19 14:34:16| Starting new helpers
            2009/11/19 14:34:16| helperOpenServers: Starting 5 'squid_ldap_auth' processes
            Assertion failed: (chain != NULL), function ldap_first_entry, file getentry.c, line 36.
            2009/11/19 14:39:18| WARNING: basicauthenticator #4 (FD 20) exited
            Assertion failed: (chain != NULL), function ldap_first_entry, file getentry.c, line 36.
            2009/11/19 14:42:57| WARNING: basicauthenticator #5 (FD 21) exited
            Assertion failed: (chain != NULL), function ldap_first_entry, file getentry.c, line 36.
            2009/11/19 14:49:32| WARNING: basicauthenticator #1 (FD 18) exited

            BR

            1 Reply Last reply Reply Quote 0
            • J Offline
              JEU
              last edited by

              @ozanus:

              Hello,
              I am now testing pfSense 1.2.2 and 1.2.3 with squid 2.6.20 and squid 2.7.7. I need LDAP auth with Windows AD 2003.
              I'm having the same problem. I don't have any solution.

              My cache.log:

              Squid Cache (Version 2.6.STABLE21): Terminated abnormally.
              CPU Usage: 0.034 seconds = 0.000 user + 0.034 sys
              Maximum Resident Size: 5040 KB
              Page faults with physical i/o: 0
              2009/11/19 13:33:39| Starting Squid Cache version 2.6.STABLE21 for i386-portbld-freebsd7.0…
              2009/11/19 13:33:39| Process ID 10044
              2009/11/19 13:33:39| With 3520 file descriptors available
              2009/11/19 13:33:39| Using kqueue for the IO loop
              2009/11/19 13:33:39| Performing DNS Tests...
              2009/11/19 13:33:39| Successful DNS name lookup tests...
              2009/11/19 13:33:39| helperOpenServers: Starting 5 'dnsserver' processes
              2009/11/19 13:33:39| helperOpenServers: Starting 5 'squid_ldap_auth' processes
              /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
              /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
              /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
              /libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
              2009/11/19 13:33:39| User-Agent logging is disabled.
              2009/11/19 13:33:39| Referer logging is disabled.

              You need to check which version of the LDAP library squid needs for auth. You can see the version needed as an error in squid's cache.log. Then you need to download the right version of the ldapclient package, because each version of the package comes with a particular version of the LDAP library. You can grab the ldapclient package from the pfSense repository (up to version 2.4.11) or from the FreeBSD repository (up to version 2.4.19). For squid 2.7.7 you need (at least that happened to me) "libldap-2.4.so.9", which comes with the 2.4.19 ldapclient package.

              Download and install it from the command line with "pkg_add -r URL". You need to uninstall the old package first with (pkg_delete libldap-client-xxxx). Not sure what the "rehash" command does, but I suppose it's right too.

              1 Reply Last reply Reply Quote 0
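The check described in the post above (read cache.log to find which library version the helper wants, then compare with what is installed) can be scripted. This is an added example, not part of the original posts; the function names are hypothetical and the sample log lines are constructed in the format quoted in this thread.

```shell
#!/bin/sh
# Triage a Squid cache.log for auth-helper start-up failures (added example).

# missing_libs LOG: one line per distinct runtime-linker error: "library program count"
missing_libs() {
    awk -F'"' '
        /Shared object ".*" not found, required by/ {
            lib = $2; prog = $4
            gsub(/[()]/, "", prog)   # the linker prints the program name in parentheses
            seen[lib " " prog]++
        }
        END { for (k in seen) print k, seen[k] }
    ' "$1" | sort
}

# installed_versions LIBDIR LIBRARY: versions of the same library present in LIBDIR,
# so a mismatch between the wanted and the installed version is visible at a glance.
installed_versions() {
    base=${2%.so.*}
    for f in "$1"/"$base".so.*; do
        if [ -e "$f" ]; then basename "$f"; fi
    done
}

# diagnose LOG: first matching cause, most fundamental first.
diagnose() {
    if grep -q 'Shared object ".*" not found' "$1"; then echo missing-library
    elif grep -q '^Assertion failed:' "$1"; then echo helper-assertion
    elif grep -q 'basicauthenticator #[0-9]* .* exited' "$1"; then echo helper-exited
    else echo ok
    fi
}

# Constructed sample input in the format quoted in this thread.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2009/11/19 13:33:39| helperOpenServers: Starting 5 'squid_ldap_auth' processes
/libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
/libexec/ld-elf.so.1: Shared object "libldap-2.4.so.3" not found, required by "(squid_ldap_auth)"
2009/11/19 13:33:39| WARNING: basicauthenticator #1 (FD 7) exited
EOF

diagnose "$SAMPLE_LOG"
missing_libs "$SAMPLE_LOG"
```

On a real system, point `installed_versions` at the directory that holds the LDAP client libraries and pass it the library name that `missing_libs` reports.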
              • J Offline
                JEU
                last edited by

                @ozanus:

                Hey bro,
                I solved the openldap problem.

                Remove openldap from the system:

                pkg_delete -f openldap-client-2.4.10

                Install the new openldap version:

                pkg_add -r http://files.pfsense.org/packages/7/All/openldap-client-2.4.11.tbz

                rehash

                Restart squid and set the LDAP settings, but the new problem is that it doesn't authenticate against Active Directory :(

                tail /var/squid/log/cache.log

                2009/11/19 14:34:16| WARNING: basicauthenticator #3 (FD 19) exited
                2009/11/19 14:34:16| Too few basicauthenticator processes are running
                2009/11/19 14:34:16| Starting new helpers
                2009/11/19 14:34:16| helperOpenServers: Starting 5 'squid_ldap_auth' processes
                Assertion failed: (chain != NULL), function ldap_first_entry, file getentry.c, line 36.
                2009/11/19 14:39:18| WARNING: basicauthenticator #4 (FD 20) exited
                Assertion failed: (chain != NULL), function ldap_first_entry, file getentry.c, line 36.
                2009/11/19 14:42:57| WARNING: basicauthenticator #5 (FD 21) exited
                Assertion failed: (chain != NULL), function ldap_first_entry, file getentry.c, line 36.
                2009/11/19 14:49:32| WARNING: basicauthenticator #1 (FD 18) exited

                BR

                Double-check the errors in cache.log, and check that you have the right version of the LDAP client library. After that, verify how the squid auth configuration parameters are written (directly in squid.conf). Mine looks like:

                auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=xxxxx,dc=yyy,dc=zz -D cn=wwww,cn=Users,dc=xxxxx,dc=yyy,dc=zz -w MyPass -f "sAMAccountName=%s" -u uid -P ServerIP

                Cheers.

                1 Reply Last reply Reply Quote 0
                • O Offline
                  ozanus
                  last edited by

                  I reinstalled openldap and that fixed the problem.

                  Thanks.

                  1 Reply Last reply Reply Quote 0
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.