Hello! I'm working in a pre-production enviorement with virtual machines, one running squid in a debian etch trying to auth the users with an Active Directory installed in other virtual machine running MS Windows 2003 Server. Before this I success auth with unix passwords file without problems. Now I'm following this guide to auth trought LDAP with Active Directory --> http://papercut.biz/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory This is part of my squid.conf where I specify auth module: # -- PRUEBA AUTH LDAP contra AD auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=raah,dc=local" -D "cn=Administrador,cn=squid _users,ou=Users,dc=raah,dc=local" -w "admin" -f sAMAccountName=%s -h 192.168.0.90 auth_param basic children 5 auth_param basic realm ACMEProxy auth_param basic credentialsttl 5 minutes and this is de ACL adapted to my enviorement: # Mi ACL contra AD external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=raah,dc=local" -D "cn=Administrador,ou=Users,dc =raah,dc=local" -w "admin" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Users,dc=raah,dc=local))" -h 192.168.0.90 acl localnet proxy_auth REQUIRED src 192.168.0.0/24 acl InetAccess external InetGroup squid_users http_access allow InetAccess The Active directory machine has 192.168.0.90 as IP, user "Administrador", password "admin". The users that I want to allow connect are in Active Directory group called "squid_users" at Organizative Unit "Users" at domain " raah.local" The browser ask for user and password but never works with real users At process list at squid machine I can see that, for checking my parameter are launched correctly proxy 5457 0.0 0.1 3500 840 ? Ss 14:09 0:00 (ldap_auth) -R -b dc=raah,dc=local -D cn=Administrador,cn=squid _users,ou=Users,dc=raah,dc=local proxy 5464 0.0 0.1 3496 836 ? Ss 14:09 0:00 (squid_ldap_group) -R -b dc=raah,dc=local -D cn=Administrador,ou=Users,dc=raah,dc=local -w admin At access.log squid I obtain these when try to auth with "moi" users, he is at squid_users group. I don't know why the username is followed my NONE. I tryed writing RAAH\moi too, but it did not works, but at log appears without capital letters. 1169474464.947 65 192.168.0.40 TCP_DENIED/407 1847 GET http://www.google.com/ moi NONE/- text/html 1169474465.025 64 192.168.0.40 TCP_DENIED/407 1847 GET http://www.google.com/ moi NONE/- text/html 1168934037.153 374 192.168.0.40 TCP_DENIED/407 1822 GET http://www.google.com/ raah\moi NONE/- text/html I install an sniffer at AD machine for know that is reciving this machine from the auth but I can't see nothing understanding. My theory is that the LDAP path is not ok, becouse I check a few VBS scripts using the LDAP path without working ok, see examples here http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/default.mspx?mfr=true I check doc about this but nothing works any idea what to do? Thanks a lot! -- ---------------------------------------------- --- ~O ----- _`\<;_ --- (_)/\(_) kRiZiO mailto:krizio@xxxxxxxxx http://www.krizio.com ----------------------------------------------
