problems Squid auth with Active Directory with LDAP module

Hello!

I'm working in a pre-production environment with virtual machines, one
running Squid on Debian Etch, trying to authenticate the users against an
Active Directory installed on another virtual machine running MS Windows
2003 Server.
Before this I successfully authenticated with the Unix passwords file
without problems. Now I'm following this guide to authenticate through
LDAP with Active Directory -->
http://papercut.biz/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

This is the part of my squid.conf where I specify the auth module:
# -- TEST LDAP AUTH against AD
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=raah,dc=local" -D "cn=Administrador,cn=squid_users,ou=Users,dc=raah,dc=local" -w "admin" -f sAMAccountName=%s -h 192.168.0.90
auth_param basic children 5
auth_param basic realm ACMEProxy
auth_param basic credentialsttl 5 minutes

and this is the ACL adapted to my environment:
# My ACL against AD
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=raah,dc=local" -D "cn=Administrador,ou=Users,dc=raah,dc=local" -w "admin" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Users,dc=raah,dc=local))" -h 192.168.0.90
acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup squid_users
http_access allow InetAccess
The Active Directory machine has 192.168.0.90 as its IP, user
"Administrador", password "admin". The users that I want to allow to
connect are in an Active Directory group called "squid_users" in the
Organizational Unit "Users" in the domain "raah.local".

The browser asks for user and password but it never works with real users.

In the process list on the Squid machine I can see that, checking my
parameters, they are launched correctly:
proxy     5457  0.0  0.1   3500   840 ?        Ss   14:09   0:00 (ldap_auth) -R -b dc=raah,dc=local -D cn=Administrador,cn=squid_users,ou=Users,dc=raah,dc=local
proxy     5464  0.0  0.1   3496   836 ?        Ss   14:09   0:00 (squid_ldap_group) -R -b dc=raah,dc=local -D cn=Administrador,ou=Users,dc=raah,dc=local -w admin

In Squid's access.log I obtain these when trying to authenticate with the
"moi" user; he is in the squid_users group. I don't know why the username
is followed by NONE. I tried writing RAAH\moi too, but it did not work,
and in the log it appears without capital letters.

1169474464.947     65 192.168.0.40 TCP_DENIED/407 1847 GET http://www.google.com/ moi NONE/- text/html
1169474465.025     64 192.168.0.40 TCP_DENIED/407 1847 GET http://www.google.com/ moi NONE/- text/html
1168934037.153    374 192.168.0.40 TCP_DENIED/407 1822 GET http://www.google.com/ raah\moi NONE/- text/html

I installed a sniffer on the AD machine to see what this machine is
receiving from the auth, but I can't see anything understandable.

My theory is that the LDAP path is not OK, because I checked a few VBS
scripts using the LDAP path without them working OK; see examples here
http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/default.mspx?mfr=true

I checked the docs about this but nothing works.
Any idea what to do?

Thanks a lot!


--
----------------------------------------------
     --- ~O
----- _`\<;_
---  (_)/\(_)
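A check worth running on the two helper lines above before blaming Squid, as an added example that is not part of the original post nor of Squid itself: it performs the %s/%v/%a substitution the helpers do, escapes filter metacharacters per RFC 4515 (the backslash in "raah\moi" has to become \5c inside a filter), and flags the DN structure, since in Active Directory a user object cannot be a child of a group such as cn=squid_users, and the two -D values place the same Administrador account at two different DNs. The DN parser is simplified and the assumption that the helpers escape exactly this way is mine.

```python
import re

# DNs and filter templates copied from the squid.conf in the post; %s, %v and %a
# are the placeholders ldap_auth / squid_ldap_group fill with login and group name.
AUTH_BIND_DN = "cn=Administrador,cn=squid_users,ou=Users,dc=raah,dc=local"
GROUP_BIND_DN = "cn=Administrador,ou=Users,dc=raah,dc=local"
AUTH_FILTER = "sAMAccountName=%s"
GROUP_FILTER = ("(&(objectclass=person)(sAMAccountName=%v)"
                "(memberof=cn=%a,ou=Users,dc=raah,dc=local))")

# RFC 4515 escapes for values spliced into a search filter (assumption: the
# helpers escape like this; an unescaped login such as raah\moi breaks the filter).
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_auth_filter(login):
    return AUTH_FILTER.replace("%s", escape_filter_value(login))


def render_group_filter(login, group):
    return (GROUP_FILTER.replace("%v", escape_filter_value(login))
                        .replace("%a", escape_filter_value(group)))


def parse_dn(dn):
    """Split an RFC 4514 DN into (type, value) pairs, leaf RDN first.
    Simplified: handles '\\,' inside values, not multi-valued RDNs."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def check_bind_dns(auth_dn, group_dn, group_cn):
    """Structural findings on the two bind DNs: in AD user objects are leaves,
    so one cannot sit beneath a group, and one account has exactly one DN."""
    findings = []
    pairs = parse_dn(auth_dn)
    if len(pairs) > 1 and pairs[1][0] == "cn" and pairs[1][1].lower() == group_cn.lower():
        findings.append("ldap_auth bind DN places the account under group cn=%s" % group_cn)
    if parse_dn(auth_dn) != parse_dn(group_dn):
        findings.append("ldap_auth and squid_ldap_group bind with different DNs for one account")
    return findings


if __name__ == "__main__":
    print(render_auth_filter("raah\\moi"))
    print(render_group_filter("moi", "squid_users"))
    for finding in check_bind_dns(AUTH_BIND_DN, GROUP_BIND_DN, "squid_users"):
        print("finding:", finding)
```

Once the DNs are settled, bind with them directly (ldapsearch with the same -D/-w, then the helper itself fed "user password" on stdin) to separate LDAP errors from Squid configuration; note that -w puts the bind password in the process list, as the ps output above shows.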
