Bug 11166

Summary: Single-sign-on with Active Directory
Product: IPFire
Reporter: Submarine <albrecht>
Component: squid
Assignee: Arne.F <arne.fitzenreiter>
Status: CLOSED CANTFIX
QA Contact:
Severity: Crash
Priority: Will affect most users
CC: arne.fitzenreiter, bugzilla, c.mikschik, hkarling
Version: 2
Hardware: unspecified
OS: Unspecified

Description Submarine 2016-08-15 17:23:29 UTC
In the conf-file /etc/squid/squid.conf there is this parameter:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="Domain+Internet_group"

But with the quotes there is an error, so nobody gets access to the internet. When I remove the quotes I can get access. But if the internet_group had a space in it, it wouldn't work anymore.

I think the quotes are OK, but somewhere in some script the quotes are not filtered.

Comment 1 hkarling 2016-10-13 16:14:56 UTC
The quotes are generated in /srv/web/ipfire/cgi-bin/proxy.cgi,
lines 3429 and 3442.
I wrote: print FILE " --require-membership-of=$ntlm_auth_group";
without the /"
Then the squid.conf is written correctly and the authentication goes right.
To the Admins: Can you check this?

Comment 2 M.A. 2017-05-14 18:01:09 UTC
Could you please fix this bug?
In the squid.conf the --require-membership-of= still has the "" around the DOMAIN+groupname, which generates the problem.
Searched for it for nearly 3 hours until I could find it :(
Thx in advance.

Comment 3 Arne.F 2017-05-30 12:17:50 UTC
All examples that I have found have these quotes, because removing the quotes fails if some characters are in the group name. Normally winbind should accept the quotes.

Please try if samba-3.6.25-65 fixes this also.