[squid-users] Problems with squid_ldap_auth

From: Ricardo Souza <ricardo.souza_at_ti.cmtsp.com.br>
Date: Fri, 18 Dec 2009 16:18:39 -0200

Hi,

I installed squid-3.1.0.15 from ports on FreeBSD 7.2-RELEASE-p4.

I am trying to integrate it with Active Directory (Windows 2008).

Cache.log didn't show any errors, but when I try to access any site it
asks for my username and password and I cannot authenticate myself.

In squid.conf I have these lines:

# The lines below refer to the authentication of users in AD
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b "DC=autopass" -D "cn=autopass\squid,DC=autopass" -w "mypass" -h 192.168.9.12:389

# External ACL for authentication against the PDC's LDAP bases
external_acl_type ldap_group %LOGIN /usr/local/libexec/squid/squid_ldap_group -R -b "dc=autopass" -D "cn=squid,ou=Users,dc=autopass" -w "mypass" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Autopass_Internet,dc=autopass))" -h 192.168.9.12

When I run this at the console I get no reply.

/usr/local/libexec/squid/squid_ldap_auth -b "DC=autopass" -D "cn=autopass\squid,DC=autopass" -w "mypass" -h 192.168.9.12:389

I can't use ldapsearch either.

caos# ldapsearch -b "DC=autopass" -D "cn=autopass\squid,DC=autopass" -w "mypass" -h 192.168.9.12:389
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
caos#

access.log:
192.168.9.173 - rasouza [18/Dec/2009:15:33:29 -0200] "GET http://www.google.com.br/ HTTP/1.1" 407 4345 TCP_DENIED:NONE
192.168.9.173 - rasouza [18/Dec/2009:15:33:29 -0200] "GET http://www.google.com.br/ HTTP/1.1" 407 4345 TCP_DENIED:NONE
192.168.9.173 - rasouza [18/Dec/2009:15:33:31 -0200] "GET http://www.google.com.br/ HTTP/1.1" 407 4345 TCP_DENIED:NONE

No firewalls; I can access port 389 of my AD.

Can anyone help me please?

thanks
Received on Fri Dec 18 2009 - 18:18:50 MST
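
An added example, not part of the original post: the "data" field in the AcceptSecurityContext error quoted above is a hexadecimal sub-code that Active Directory attaches to a failed LDAP bind (result code 49), and the Python below extracts and decodes it from wrapped ldapsearch output. The function name and lookup table are constructed for this illustration; the meanings are the commonly documented Windows logon error values.

```python
import re

# Sub-codes Active Directory reports in the "data" field of a failed
# LDAP bind (result 49). Keys are hexadecimal Win32 logon error codes.
AD_BIND_SUBCODES = {
    "525": "user not found (the bind name does not resolve to an account)",
    "52e": "invalid credentials (account exists, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"AcceptSecurityContext error,\s*data\s+([0-9a-fA-F]+)")


def decode_ad_bind_error(text):
    """Return (subcode, meaning) for an AD bind error message, or None."""
    # Terminals and mail clients wrap the message, so collapse all
    # whitespace (including newlines) before matching.
    flat = " ".join(text.split())
    match = _DATA_RE.search(flat)
    if match is None:
        return None
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


# The ldapsearch output from the message above, wrapped as it was posted.
SAMPLE = """ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903AA, comment:
AcceptSecurityContext error, data 525, v1772"""

if __name__ == "__main__":
    print(decode_ad_bind_error(SAMPLE))
```

Sub-codes 525 and 52e separate a bind name the directory cannot resolve from a wrong password, which the generic "Invalid credentials (49)" line does not show.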
