On fre, 2008-06-13 at 18:09 -0700, Alexandre augusto wrote:
> Hi All,
>
> I was wrong when I said that my authentication was working in my last email...
>
> I'm trying to get Squid working with MS AD
>
> So this is my squid.conf entry about LDAP auth:
>
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -w "/usr/local/squid/etc/file" -f "(objectclass=*)" -h ldap_server_ip:port
>
> Using this configuration with Ldapbrowser tool (Softerra), I can search my entire LDAP tree without problems.
>
> my search base is:
>
> CN=user_admin,OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br
Are you really really sure? That looks very much like the user_admin
object, not the OU (or any upper level) where all your users are found..
> "user_admin" is a Domain Admin of AD (maybe it is necessary to bind with it???)
That's what -D does.
> But Squid just gives me the old TCP_DENIED entry in the log files:
>
> 1213403347.792 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.gm.com/ user_admin NONE/- text/html
>
> 1213405393.479 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.squid-cache.org/ user_admin NONE/- text/html
Anything in cache.log?
You might need TLS/SSL for this to work. AD is often configured in such
manner that plaintext authentication (simple bind without encryption) is
not allowed.
Regards
Henrik
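To see for yourself whether the directory is refusing a plaintext simple bind, as Henrik suggests, the bind can be tried outside Squid. The script below is an added example, not code from this thread and not Squid's or squid_ldap_auth's own code: a minimal LDAPv3 simple-bind client with the BER encoding done by hand (RFC 4511), able to bind in the clear, over ldaps, or after StartTLS, and to decode the BindResponse result code. The host, port, DN and password are placeholders to be replaced with your own; the refusal in SAMPLE_REFUSAL is a constructed message, modelled on the diagnostic AD returns when it requires signing or TLS for simple binds, so the decoding and the verdict can be exercised offline without a server.

```python
"""Minimal LDAPv3 simple-bind probe (hand-encoded BER, RFC 4511).
Added example for diagnosing a plaintext simple bind that AD refuses."""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

# resultCode values that matter when a bind fails (RFC 4511, section 4.1.9)
RESULT_NAMES = {0: "success", 8: "strongerAuthRequired",
                13: "confidentialityRequired", 49: "invalidCredentials",
                53: "unwillingToPerform"}


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(value, tag=0x02):
    """Non-negative INTEGER/ENUMERATED; the extra lead byte keeps the sign bit clear."""
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def bind_request(msg_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { 3, name, simple [0] } }."""
    op = ber_int(3) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, op))


def starttls_request(msg_id):
    """ExtendedRequest [APPLICATION 23] with requestName [0] = StartTLS OID."""
    return tlv(0x30, ber_int(msg_id) + tlv(0x77, tlv(0x80, STARTTLS_OID)))


def result_message(msg_id, code, diag, op_tag=0x61):
    """Server-side encoder of an LDAPResult; used here only to build sample replies."""
    op = ber_int(code, 0x0A) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(op_tag, op))


def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_result(buf):
    """Decode an LDAPMessage carrying a BindResponse (0x61) or ExtendedResponse (0x78)."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag not in (0x61, 0x78):
        raise ValueError("unexpected protocolOp 0x%02x" % op_tag)
    _, code, pos = read_tlv(op, 0)
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result_name": RESULT_NAMES.get(rc, "other"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode(errors="replace")}


def verdict(result):
    """Translate a bind result into the practical fix for a squid_ldap_auth setup."""
    rc = result["result_code"]
    if rc == 0:
        return "bind ok"
    if rc in (8, 13):
        return "server refuses plaintext simple bind: use ldaps or StartTLS"
    if rc == 49:
        return "bind DN or password rejected"
    return "bind failed: %s" % result["result_name"]


def simple_bind(host, port, bind_dn, password, mode="plain", cafile=None):
    """Live probe (needs network). mode: plain (389), ldaps (636) or starttls (389)."""
    sock = socket.create_connection((host, port), timeout=10)
    ctx = ssl.create_default_context(cafile=cafile)
    if mode == "ldaps":
        sock = ctx.wrap_socket(sock, server_hostname=host)
    elif mode == "starttls":
        sock.sendall(starttls_request(1))
        ext = parse_result(sock.recv(4096))
        if ext["result_code"] != 0:
            return ext
        sock = ctx.wrap_socket(sock, server_hostname=host)
    sock.sendall(bind_request(2, bind_dn, password))
    result = parse_result(sock.recv(4096))  # bind results are small; one read suffices
    sock.close()
    return result


# Constructed sample exchange, no server needed. Placeholder DN and password;
# the refusal text is modelled on AD's diagnostic when it requires signing or TLS.
SAMPLE_REQUEST = bind_request(1, "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br", "secret")
SAMPLE_REFUSAL = result_message(1, 8, "00002028: LdapErr: The server requires binds "
                                "to turn on integrity checking if SSL/TLS are not "
                                "already active on the connection")

if __name__ == "__main__":
    print("BindRequest:", SAMPLE_REQUEST.hex())
    r = parse_result(SAMPLE_REFUSAL)
    print(r["result_name"], "->", verdict(r))
```

Run `simple_bind("ldap_server_ip", 389, bind_dn, password)` with the same DN and password the helper uses: a resultCode of 8 or 13 confirms Henrik's diagnosis, and repeating the call with mode="ldaps" on 636 (or mode="starttls" on 389, with the CA that signed the domain controller's certificate passed as cafile) shows whether encryption alone clears it. A 49 instead means the bind identity or password is wrong, which is a different problem from the one the 407s would suggest.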
This archive was generated by hypermail 2.2.0 : Sat Jun 14 2008 - 12:00:03 MDT