Re: [squid-users] Squid + AD (LDAP)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Sat, 14 Jun 2008 11:21:24 +0200

On fre, 2008-06-13 at 18:09 -0700, Alexandre augusto wrote:
> Hi All,
>
> I was wrong when I said that my authentication was working in my last email...
>
> I'm trying to get Squid working with MS AD
>
> So this is my squid.conf entry about LDAP auth:
>
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -w "/usr/local/squid/etc/file" -f "(objectclass=*)" -h ldap_server_ip:port
>
> Using this configuration with Ldapbrowser tool (Softerra), I can search my entire LDAP tree without problems.
>
> my search base is:
>
> CN=user_admin,OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br

Are you really really sure? That looks very much like the user_admin
object, not the OU (or any upper level) where all your users are found.

> "user_admin" is Domain Admin of AD ( maybe necessary to bind on it ???)

That's what -D does.

> But Squid just gives me an old TCP_DENIED entry in the log files:
>
> 1213403347.792 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.gm.com/ user_admin NONE/- text/html
>
> 1213405393.479 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.squid-cache.org/ user_admin NONE/- text/html

Anything in cache.log?

You might need TLS/SSL for this to work. AD is often configured in such
manner that plaintext authentication (simple bind without encryption) is
not allowed.

Regards
Henrik
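A small lint for the helper line discussed in this thread, added here as an example and not part of the thread or of Squid itself: it flags a search base that names a single object instead of a container, a filter without %s, a password argument that looks like a file path, and a bind without TLS. The option meanings (-b, -D, -w, -W, -f, -Z taking or not taking a value) are assumed from the squid_ldap_auth man page, and the reworked line with sAMAccountName is a constructed sample, not something the poster wrote.

```python
import shlex

# Constructed samples: the helper invocation quoted in the thread, and a
# reworked version of it used to show the checks passing.
THREAD_LINE = (
    'auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R '
    '-b "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" '
    '-D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" '
    '-w "/usr/local/squid/etc/file" -f "(objectclass=*)" -h ldap_server_ip:port'
)
REWORKED_LINE = (
    'auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -Z '
    '-b "OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br" '
    '-D "CN=user_admin,OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br" '
    '-W /usr/local/squid/etc/file -f "(sAMAccountName=%s)" -h ldap_server_ip'
)

# squid_ldap_auth options that take an argument (assumed from its man page);
# flags such as -R (no referrals) and -Z (StartTLS) take none.
TAKES_VALUE = {"-b", "-D", "-w", "-W", "-f", "-u", "-h", "-p", "-s", "-v"}

def parse_helper_opts(line):
    """Return {option: value_or_True} for everything after the helper path."""
    tokens = shlex.split(line)
    start = next(i for i, t in enumerate(tokens) if t.endswith("ldap_auth")) + 1
    opts, i = {}, start
    while i < len(tokens):
        tok = tokens[i]
        if tok in TAKES_VALUE:
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            opts[tok] = True
            i += 1
    return opts

def lint_ldap_auth(line):
    """Return a list of (code, advice) findings for one auth_param line."""
    o = parse_helper_opts(line)
    findings = []
    base = o.get("-b", "")
    if base.split(",", 1)[0].strip().upper().startswith("CN="):
        findings.append(("SEARCH_BASE_IS_OBJECT",
                         "-b names one object; use the OU or domain that contains the users"))
    if "-f" in o and "%s" not in o["-f"]:
        findings.append(("FILTER_NO_USERNAME",
                         "-f has no %s, so it cannot select the user being authenticated"))
    if isinstance(o.get("-w"), str) and o["-w"].startswith("/"):
        findings.append(("PASSWORD_LOOKS_LIKE_PATH",
                         "-w is the bind password itself; -W <file> reads it from a file"))
    if "-Z" not in o:
        findings.append(("NO_TLS",
                         "no -Z: simple bind sends the password in clear; AD often rejects it"))
    return findings
```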

Received on Sat Jun 14 2008 - 09:21:34 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 14 2008 - 12:00:03 MDT