[wellylug] [nzlug] Squid LDAP - authentication denied error... Resolved
David Harrison
david.harrison at stress-free.co.nz
Wed Feb 6 10:28:30 NZDT 2008
Thanks for this feedback Craig.
I've literally just this minute resolved the issue (after a nights
sleep).
Turns out it was SELinux getting in the way and blocking the
communication between the squid daemon and LDAP helpers.
I have disabled SELinux for the time being and all is operating as
expected.
Situation resolved :-)
Regards,
David
On 6/02/2008, at 4:07 AM, Craig Box wrote:
>>
>> I would really appreciate any pearls of wisdom as I am at a bit of a
>> dead end.
>>
>> Squid 2.6 is running on Centos 5.1.
>> With Squid debugging enabled I see the following in my cache log:
>>
>> /var/log/squid/cache.log:
>> 2008/02/05 16:51:39| The request GET http://www.google.co.nz/ is
>> DENIED, because it matched 'authenticated_users'
>> 2008/02/05 16:51:39| The reply for GET http://www.google.co.nz/ is
>> ALLOWED, because it matched 'authenticated_users'
>
>
> Note one reads 'request' and one reads 'reply'. You have
> "http_reply_access
> allow all" set, so this is expected.
>
> I used to run servers against AD using winbind, and would see
> problems like
> this due to the squid user not having permission to access Winbind's
> pipe. I
> don't know if the LDAP helper operates quite the same way, but I
> suspect
> that your problem is just that proxy auth is failing for one reason or
> another.
>
> Craig
> _______________________________________________
> NZLUG mailing list NZLUG at linux.net.nz
> http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
More information about the wellylug
mailing list