When I used (from command line) it's OK.

/usr/lib/squid/squid_ldap_auth -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2

-----Original Message-----
From: Tim Neto [mailto:tneto@xxxxxxxxxx]
Sent: Tuesday, 14 February 2006 16:01
To: squid-users@xxxxxxxxxxxxxxx
Cc: Esteban; Franco, Battista
Subject: Re: Squid - LDAP

One thing to note: in Windows 2003 Server, Microsoft disables anonymous LDAP binds by default. Instead of doing an anonymous bind, try testing your squid_ldap_auth command with options to bind as an authoritative user. Like:

/usr/lib/squid/squid_ldap_auth -D Administrator -w Admin_Password -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2

Note the -D and -w options.

I do not recommend encoding the Active Directory administrator account in the squid configuration file. Either set up another authorized account that has read-only permissions, or see Microsoft's documentation on enabling anonymous binds to a Windows 2003 Active Directory via LDAP.

Tim

-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer
Komatsu Canada Limited    Ph#: 905-625-6292 x265
1725B Sismet Road         Fax: 905-625-6348
Mississauga, Canada       E-Mail: tneto@xxxxxxxxxx
L4W 1P9
-----------------------------------------------------------

Esteban wrote:
> Test if the authenticator works:
> run "/usr/lib/squid/squid_ldap_auth -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f
> sAMAccountName=%s -h 10.239.56.2"
> and enter "Username<SPACE>password<ENTER>". If you get OK the authenticator
> works. If you always get an ERR you should check the configuration of the
> helper / the LDAP server.
>
> And "for testing only" use this http_access schema:
>
> http_access allow password
> http_access deny all
>
>> My squid.conf is:
>> .....
>> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
>> "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2
>> auth_param basic children 5
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>> auth_param basic casesensitive off
>> .....
>> acl password proxy_auth REQUIRED
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 563 407
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 563 # https, snews
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl Safe_ports port 407
>> acl CONNECT method CONNECT
>>
>
>> http_access allow manager localhost
>> http_access allow password
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access allow localhost
>> http_access deny all
>> ....
>> cache_peer another-proxy.xxxx.com parent 8080 0 proxy-only default
>> #
>>
>> Which is the problem?
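
The bind advice in this thread, turned into a check (an added example, not part of the original messages or of Squid): a small Python lint for the `auth_param basic program` line that flags an anonymous bind, the Administrator account used as bind DN, and a bind password given inline with `-w`. The third sample uses the helper's `-W` secret-file option; its account name and file path are constructed placeholders.

```python
import shlex

# squid_ldap_auth options that take a value (only those used in this thread, plus -W)
TAKES_VALUE = {"-b", "-f", "-h", "-D", "-w", "-W"}

def helper_options(conf_text):
    """Yield {option: value} for every 'auth_param basic program' line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("auth_param"):
            continue
        tokens = shlex.split(line)
        if tokens[:3] != ["auth_param", "basic", "program"]:
            continue
        args, opts, i = tokens[4:], {}, 0   # tokens[3] is the helper path
        while i < len(args):
            if args[i] in TAKES_VALUE and i + 1 < len(args):
                opts[args[i]] = args[i + 1]
                i += 2
            else:
                opts[args[i]] = ""          # plain flag such as -R
                i += 1
        yield opts

def audit(conf_text):
    """Return findings for the LDAP bind settings of the basic-auth helper."""
    findings = []
    for opts in helper_options(conf_text):
        bind_dn = opts.get("-D", "")
        if not bind_dn:
            findings.append("anonymous-bind")      # refused by default on Windows 2003 AD
        elif "administrator" in bind_dn.lower():
            findings.append("admin-bind-account")  # use a read-only account instead
        if "-w" in opts:
            findings.append("password-in-config")  # sits in squid.conf and on the command line
    return findings

BASE = '-R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2'
HELPER = "auth_param basic program /usr/lib/squid/squid_ldap_auth "
ANON = HELPER + BASE                                           # as in the posted squid.conf
ADMIN = HELPER + "-D Administrator -w Admin_Password " + BASE  # the test command, if copied into squid.conf
# Constructed sample: hypothetical read-only account and secret file path
READONLY = HELPER + "-D squid-ro@example.invalid -W /etc/squid/ldap.secret " + BASE

if __name__ == "__main__":
    for name, conf in (("anonymous", ANON), ("admin", ADMIN), ("read-only", READONLY)):
        print(name, audit(conf))
```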