mjhjmtu

I need authenticate a squid 3.5 with a Active Directory build (over SAMBA4)

POST-DATA: This ubuntu is already joined to the Active Directory built on SAMBA4

I do not know if the problem is in the auth line: auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4

#------------------------------------------- GENERAL CONFIGURATION ----------------------------------------------
#
cache_mem 64 MB
#
# CACHE STATEMENT FOR SQUID
cache_dir ufs /var/spool/squid 20480 16 256
#
client_netmask 255.255.255.255
dead_peer_timeout 10 seconds
#
#---------------------------------------------- AUTH CONFIGURATION ----------------------------------------------
#

auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4

#
#
# PATH FOR THE LOGS
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
useragent_log none
#cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
#useragent_log /var/log/squid/useragent.log
#
auth_param basic children 5
error_directory /usr/share/squid/errors/Spanish
authenticate_ttl 1 hour
#
# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?
#
# TAG: nonhierarchical_direct
nonhierarchical_direct off
cache_swap_low 95
cache_swap_high 98
maximum_object_size 524288 KB
maximum_object_size_in_memory 1024 KB
offline_mode off
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#
# reply_header_max_size 20 KB

# TAG: request_header_max_size (KB)
# This specifies the maximum size for HTTP headers in a request.
# Request headers are usually relatively small (about 512 bytes).
# Placing a limit on the request header size will catch certain
# bugs (for example with persistent connections) and possibly
# buffer-overflow or denial-of-service attacks.
#Default:
request_header_max_size 64 KB

# TAG: client_request_buffer_max_size (bytes)
# This specifies the maximum buffer size of a client request.
# It prevents squid eating too much memory when somebody uploads
# a large file.
#Default:
client_request_buffer_max_size 512 KB

# TAG: request_body_max_size (KB)
request_body_max_size 0 KB
#
debug_options ALL,2
shutdown_lifetime 15 seconds
httpd_suppress_version_string on
#
# TAG: refresh_pattern
#------------------------------------------------- CACHE REFESH -------------------------------------------------
#
refresh_pattern -i ^ftp: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i ^http: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i ^gopher: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i . 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
#
refresh_pattern -i kaspersky 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i grisoft 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i avg 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i eset 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i nod_eval 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i symantec 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i avast 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i clamav 960 200% 2160 reload-into-ims override-expire override-lastmod
#
refresh_pattern -i (/cgi-bin/|?) 0 0 0
#
# IMAGENES
refresh_pattern -i .gif$ 14400 80% 43200
refresh_pattern -i .tiff?$ 14400 80% 43200
refresh_pattern -i .bmp$ 14400 80% 43200
refresh_pattern -i .jp?g$ 14400 80% 43200
refresh_pattern -i .xbm$ 14400 80% 43200
refresh_pattern -i .png$ 14400 80% 43200
refresh_pattern -i .wrl$ 14400 80% 43200
refresh_pattern -i .ico$ 14400 80% 43200
refresh_pattern -i .pnm$ 14400 80% 43200
refresh_pattern -i .pbm$ 14400 80% 43200
refresh_pattern -i .pgm$ 14400 80% 43200
refresh_pattern -i .ppm$ 14400 80% 43200
refresh_pattern -i .rgb$ 14400 80% 43200
refresh_pattern -i .ppm$ 14400 80% 43200
refresh_pattern -i .rgb$ 14400 80% 43200
refresh_pattern -i .xpm$ 14400 80% 43200
refresh_pattern -i .xwd$ 14400 80% 43200
refresh_pattern -i .pict?$ 14400 80% 43200
#
# MOVIES
refresh_pattern -i .mov$ 14400 80% 43200
refresh_pattern -i .mp?g?$ 14400 80% 43200
refresh_pattern -i .avi$ 14400 80% 43200
refresh_pattern -i .qtm?$ 14400 80% 43200
refresh_pattern -i .viv$ 14400 80% 43200
refresh_pattern -i .swf$ 14400 80% 43200
refresh_pattern -i .flv$ 14400 80% 43200
refresh_pattern -i .mp4$ 14400 80% 43200
refresh_pattern -i .mkv$ 14400 80% 43200
refresh_pattern -i .wmv$ 14400 80% 43200
#
# SOUNDS
refresh_pattern -i .wav$ 14400 80% 43200
refresh_pattern -i .aiff?$ 14400 80% 43200
refresh_pattern -i .au$ 14400 80% 43200
refresh_pattern -i .ram?$ 14400 80% 43200
refresh_pattern -i .snd$ 14400 80% 43200
refresh_pattern -i .mid$ 14400 80% 43200
refresh_pattern -i .mp2$ 14400 80% 43200
refresh_pattern -i .mp3$ 14400 80% 43200
refresh_pattern -i .ogg$ 14400 80% 43200
#
# ARCHIVES
refresh_pattern -i .sit$ 14400 80% 43200
refresh_pattern -i .zip$ 14400 80% 43200
refresh_pattern -i .7zip$ 14400 80% 43200
refresh_pattern -i .hqx$ 14400 80% 43200
refresh_pattern -i .exe$ 14400 80% 43200
refresh_pattern -i .arj$ 14400 80% 43200
refresh_pattern -i .lzh$ 14400 80% 43200
refresh_pattern -i .lha$ 14400 80% 43200
refresh_pattern -i .cab$ 14400 80% 43200
refresh_pattern -i .rar$ 14400 80% 43200
refresh_pattern -i .tar$ 14400 80% 43200
refresh_pattern -i .gz$ 14400 80% 43200
refresh_pattern -i .z$ 14400 80% 43200
refresh_pattern -i .a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i .r[0-9][0-9]$ 14400 80% 43200
#
# DATA FILES
refresh_pattern -i .txt$ 14400 80% 43200
refresh_pattern -i .pdf$ 14400 80% 43200
refresh_pattern -i .doc$ 14400 80% 43200
refresh_pattern -i .rtf$ 14400 80% 43200
refresh_pattern -i .tex$ 14400 80% 43200
refresh_pattern -i .latex$ 14400 80% 43200
#
# JAVA-TYPE OBJECTS
refresh_pattern -i .class$ 14400 80% 43200
refresh_pattern -i .js$ 14400 80% 43200
refresh_pattern -i .class$ 14400 80% 43200
#
# WEB-TYPE OBJECTS
refresh_pattern -i .css$ 10 20% 4320
refresh_pattern -i .html?$ 10 20% 4320
refresh_pattern /$ 10 20% 4320
#
# TO AVOID PROBLEMS WITH .DO SCRIPTS
refresh_pattern -i .do$ 0 0% 1440
#
# TAG: quick_abort (KB)
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
# TAG: reload_into_ims on|off
reload_into_ims on
#
# TAG: collapsed_forwarding (on|off)
collapsed_forwarding on
#
# TAG: refresh_stale_hit (time)
refresh_stale_hit 10 seconds
#
# TAG: half_closed_clients
half_closed_clients off
#
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
append_domain .X1.X2.X3.X4
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
#
# ACCESS CONTROL
#-----------------------------------------------------------------------------
#Defaults
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl sqstat src 172.16.5.0/255.255.255.255
acl working time MTWHF 08:00-17:00
acl not_working time MTWHF 17:01-23:59
acl early_morning time MTWHF 00:00-07:59
acl weekend time AS 00:00-23:59
acl downloads_restricted urlpath_regex "/etc/squid/rules/ext_restrict_list"
acl downloads urlpath_regex "/etc/squid/rules/ext_allow_list"
acl media_sites url_regex -i "/etc/squid/rules/media_sites_list"
acl threads maxconn 5
acl community snmp_community public
acl password proxy_auth REQUIRED
acl connect method CONNECT
acl X4_inside dstdomain .X4
acl sites-ok dstdomain "/etc/squid/rules/allow/sites_allow_list"
acl no_ip1 urlpath_regex .[0-9]3$.[a-zA-Z][0-9]2,$
acl no_ip2 dstdom_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+$
acl msn_messenger req_mime_type -i ^application/x-msn-messenger$
#
acl ext_audio_video urlpath_regex "/etc/squid/rules/restricted/ext_audio_video_list"
acl no_chat1 dstdomain "/etc/squid/rules/restricted/chat/chat_domains_list"
acl no_chat2 url_regex "/etc/squid/rules/restricted/chat/chat_urls_list"
acl no_filehosting1 dstdomain "/etc/squid/rules/restricted/filehosting/fhost_domains_list"
acl no_filehosting2 url_regex "/etc/squid/rules/restricted/filehosting/fhost_urls_list"
acl no_filesharing1 dstdomain "/etc/squid/rules/restricted/filesharing/fshare_domains_list"
acl no_filesharing2 url_regex "/etc/squid/rules/restricted/filesharing/fshare_urls_list"
acl no_instantmessaging1 dstdomain "/etc/squid/rules/restricted/instantmessaging/im_domains_list"
acl no_instantmessaging2 url_regex "/etc/squid/rules/restricted/instantmessaging/im_urls_list"
acl no_proxy1 dstdomain "/etc/squid/rules/restricted/proxy/proxy_domains_list"
acl no_proxy2 url_regex "/etc/squid/rules/restricted/proxy/proxy_urls_list"
acl no_social_networks dstdomain "/etc/squid/rules/restricted/social_networks/snet_domains_list"
acl forbidden_words url_regex "/etc/squid/rules/restricted/forbidden_words_list"
acl it_words url_regex "/etc/squid/rules/restricted/it_words_list"
acl X1_words url_regex "/etc/squid/rules/restricted/X1_words_list"
acl word_restricted_plus url_regex "/etc/squid/rules/restricted/word_restricted_plus"
acl browsers_apps browser "/etc/squid/rules/browsers_apps_list"
#
# STATEMENTS TO IP ADDRESS ALLOW
#-----------------------------------------------------------------------------
acl ip_addrs_dmz_servers src "/etc/squid/rules/ip_addrs/ip_adrs_dmz_list"
acl ip_addrs_admins src "/etc/squid/rules/ip_addrs/ip_adrs_admins_list"
acl ip_addrs_lan_internet src "/etc/squid/rules/ip_addrs/ip_addrs_lan_3w_list"
acl ip_addrs_lan_X4_inside src "/etc/squid/rules/ip_addrs/ip_addrs_lan_X4_inside_list"
acl lan_subnet src 192.168.222.0/24
#
acl users_admins proxy_auth "/etc/squid/rules/user/users_admins_list"
acl users_X1_internet proxy_auth "/etc/squid/rules/user/users_X1_internet_list"
acl users_X1_X4_inside proxy_auth "/etc/squid/rules/user/users_X1_X4_inside_list"
#
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
#acl Safe_ports port 1935 # openmeetings
#acl Safe_ports port 5080 # openmeetings
#acl Safe_ports port 8088 # openmeetings
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 6667 # irc
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
#acl Safe_ports port 631 # cups
#acl Safe_ports port 873 # rsync
#acl Safe_ports port 901 # SWAT
#
# END OF ACL
#-------------------------------------------------------------------------------
# DEFAULT CONFIGURATION
#---- Mrtg -----
snmp_port 3401
snmp_access allow community localhost
snmp_access deny all
#
http_access allow manager localhost
http_access allow manager ip_addrs_admins
http_access allow manager sqstat
http_access allow ip_addrs_dmz_servers
http_access allow ip_addrs_admins users_admins
http_access deny manager
http_access deny purge !localhost
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
#http_access deny connect no_ip1 all
#http_access deny connect no_ip2 all
#http_access deny msn_messenger
#
#-------------------------------------------------------------------------------
# HERE I DEFINE THE ACL POLICY
#-------------------------------------------------------------------------------
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localhost
#http_access deny !browsers_apps
#
#########################################################################
# HERE WE GIVE ACCESS TO MACHINES THAT JUST CAN BROWSE INSIDE .X4 DOMAIN 
#########################################################################
http_access allow ip_addrs_lan_X4_inside users_X1_X4_inside X4_inside sites-ok !no_ip1 !no_ip2 !X1_words !ext_audio_video

###############################################
# HERE WE GIVE THE INTERNET ACCESS TO MACHINES
###############################################
http_access allow ip_addrs_lan_internet users_X1_internet !no_ip1 !no_ip2 !no_proxy1 !no_proxy2 !ext_audio_video !no_chat1 !no_chat2 !no_filehosting1 !no_filehosting2 !no_filesharing1 !no_instantmessaging1 !no_instantmessaging2 !no_social_networks
http_access deny all
#
# TAG: http_reply_access
http_reply_access allow all
#
icp_access allow all

#------------------------------------------------------------------------------
# END OF POLICY
#------------------------------------------------------------------------------

# MISCELANEAS
#--------------------------------------------------------------------------------------------
auth_param basic realm ¡HOLA! COMO PROXY DEL ENTORNO X1.X2.X3.X4 | SUGIERO: ¡CUIDADO!
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#
cache_mgr admins@X2.X3.X4
visible_hostname proxy.X2.X3.X4

# HERE WE WRITE SEEM TO THE APACHE LOGS
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%Referer>h" "%User-Agent>h" %Ss:%Sh
logfile_rotate 10

# ACELERATION
#httpd_accel_host virtual
#httpd_accel_port 0
#httpd_accel_with_proxy on

# PASSWORDS
cachemgr_passwd UnixMan all
cache_effective_user proxy
cache_effective_group proxy
#
# TAG: coredump_dir
coredump_dir /var/spool/squid
#
http_port 172.16.5.4:3128
always_direct allow all
#
# 
# PASSIVE FTP
ftp_user admins@X2.X3.X4
ftp_list_width 32
ftp_sanitycheck on
ftp_passive on

# TAG: dns_nameservers
dns_nameservers 172.16.5.11 172.16.5.12

#------------------------------ DELAYS POOLS ------------------------------#

################################################
## BANDWITH TABLA VALUES ##
#-----------------------------------------------
# TRANSFER RATE DELAY_POOLS VALUE
#-----------------------------------------------
# 32 Kbps 4096
# 64 Kbps 8192
# 100 Kbps 12800
# 128 Kbps 16384 > [ 1Mbps ]
# 150 Kbps 19200
# 256 Kbps 32768 > [ 2Mbps ]
# 300 Kbps 38400
# 350 Kbps 44800
# 384 Kbps 49152 > [ 3Mbps ]
# 400 Kbps 51200
# 512 Kbps 65536 > [ 4Mbps ]
# 550 Kbps 70400
# 600 Kbps 76800
# 650 Kbps 83200
# 700 Kbps 89600
# 750 Kbps 96000
# 768 Kbps 98304 > [ 6Mbps ]
# 800 Kbps 102400
# 850 Kbps 108800
# 900 Kbps 115200
# 950 Kbps 121600
# 1024 Kbps 131072
# 1050 Kbps 134400
#
delay_class 1 1
delay_parameters 1 49152/49152 # IP ADDRESS LAN - [ 384 Kbps = 3Mbps ]
delay_access 1 allow lan_subnet
delay_access 1 deny all