hi,
THANKS...
Could you guide me how to do this, i mean steps to follow.
Regards,
vikas
On Tue, Sep 15, 2009 at 11:58 PM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> tis 2009-09-15 klockan 20:27 +0530 skrev vikas rawat:
>> Hi,
>> For AD authentication i tried;
>>
>> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
>> "dc=Seinpuvi0001,dc=company-sbm,dc=com" -D
>> "cn=testadmin,cn=Pune/Users,dc=Seinpuvi0001,dc=company-sbm,dc=com" -w
>> "pwd" -f sAMAccountName=%s -h ip-address
>> auth_param basic children 5
>> auth_param basic realm squid testing
>> auth_param basic credentialsttl 5 minutes
>>
>>
>> external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
>> -b "dc=company-sbm,dc=com" -D
>> "cn=testadmin,cn=Pune,dc=company-sbm,dc=com" -w "pwd" -f
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Pune/Users,dc=company-sbm,dc=com))"
>> -h ip-address
>>
>> But could not connect with AD.
>
> AD security policies generally do not allow the above configuration due
> to the weak authentication mechanism used (unencrypted plaintext).
>
> You can get around this by enabling SSL (requires a SSL certificate to
> be installed on the AD server, and appropriate CA certificate installed
> on the Squid server if not signed by the normally trusted CAs)
>
> Regards
> Henrik
>
>
Received on Wed Sep 16 2009 - 04:40:50 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 16 2009 - 12:00:03 MDT