On fre, 2008-06-13 at 18:09 -0700, Alexandre augusto wrote: > Hi All, > > I was wrong when said that my authentication was working in last email... > > I´m trying work Squid with MS AD > > So this is my squid.conf entry about LDAP auth: > > auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -w "/usr/local/squid/etc/file" -f "(objectclass=*)" -h ldap_server_ip:port > > Using this configuration with Ldapbrowser tool (Softerra), I can search my entire LDAP tree without problems. > > my search base is: > > CN=user_admin,OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br Are you really really sure? That looks very much like the user_admin object, not the OU (or any upper level) where all your users are found.. > "user_admin" is Domain Admin of AD ( maybe necessary to bind on it ???) That's what -D does. > But Squid just give me an old TCP_DENIED entry on log files: > > 1213403347.792 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.gm.com/ user_admin NONE/- text/html > > 1213405393.479 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.squid-cache.org/ user_admin NONE/- text/html Anything in cache.log? You might need TLS/SSL for this to work. AD is often configured in such manner that plaintext authentication (simple bind without encryption) is not allowed. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
