Hi Henrik,

You are correct. My search base is DC=abc,DC=com,DC=br

I have nothing related to LDAP in cache.log

I'm looking for some documentation and found many guys using Squid + Samba (winbind) with libnss_winbind.so and libnss_winbind.so.2 authenticating on AD (win 2003).

Is that the way to take?

Thank you

Alexandre

--- On Sat, 14/6/08, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:

> From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: Squid + AD (LDAP)
> To: asaugusto@xxxxxxxxxxxx
> Cc: squid-users@xxxxxxxxxxxxxxx
> Date: Saturday, 14 June 2008, 6:21
>
> On Fri, 2008-06-13 at 18:09 -0700, Alexandre augusto wrote:
> > Hi All,
> >
> > I was wrong when I said that my authentication was working in my last email...
> >
> > I'm trying to get Squid working with MS AD
> >
> > So this is my squid.conf entry about LDAP auth:
> >
> > auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -w "/usr/local/squid/etc/file" -f "(objectclass=*)" -h ldap_server_ip:port
> >
> > Using this configuration with the Ldapbrowser tool (Softerra), I can search my entire LDAP tree without problems.
> >
> > My search base is:
> >
> > CN=user_admin,OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br
>
> Are you really really sure? That looks very much like the user_admin
> object, not the OU (or any upper level) where all your users are found..
>
> > "user_admin" is Domain Admin of AD (maybe necessary to bind on it ???)
>
> That's what -D does.
>
> > But Squid just gives me an old TCP_DENIED entry in the log files:
> >
> > 1213403347.792 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.gm.com/ user_admin NONE/- text/html
> >
> > 1213405393.479 15 192.168.10.1 TCP_DENIED/407 2706 GET http://www.squid-cache.org/ user_admin NONE/- text/html
>
> Anything in cache.log?
>
> You might need TLS/SSL for this to work. AD is often configured in such
> a manner that plaintext authentication (simple bind without encryption) is
> not allowed.
>
> Regards
> Henrik
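The points raised in this thread (a base DN that is really the bind user's own object, no TLS on the bind), written as a small lint over the helper command line. This is an added example, not part of the original messages or of Squid; it also checks two things the thread does not mention, that the `-f` filter contains `%s` for the login name and that `-w` (literal password) is not given a file path, where `-W` reads the password from a file. The finding names, the `AFTER` line and its `sAMAccountName` filter are assumptions made for illustration.

```python
import shlex

# squid_ldap_auth options that take a value (subset relevant here).
VALUE_OPTS = {"-b", "-D", "-w", "-W", "-f", "-h", "-H", "-v", "-s", "-u", "-p"}

# The line posted in the thread.
BEFORE = ('auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R '
          '-b "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" '
          '-D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" '
          '-w "/usr/local/squid/etc/file" -f "(objectclass=*)" -h ldap_server_ip:port')

# Constructed for this example: base DN taken from the reply, the rest assumed.
AFTER = ('auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -Z -v 3 '
         '-b "DC=abc,DC=com,DC=br" '
         '-D "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" '
         '-W /usr/local/squid/etc/file -f "(sAMAccountName=%s)" -h ldap_server_ip:port')

def parse_helper_args(line):
    """Split an auth_param line into {option: value}; bare flags map to True."""
    tokens = shlex.split(line)
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTS and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            if tok.startswith("-"):
                opts[tok] = True
            i += 1
    return opts

def lint(line):
    """Return a list of findings (hypothetical names) for one helper line."""
    o = parse_helper_args(line)
    findings = []
    base, bind = o.get("-b", ""), o.get("-D", "")
    # A base DN identical to the bind DN is a user object, not a user container.
    if base.upper().startswith("CN=") and base.lower() == bind.lower():
        findings.append("base-is-bind-user")
    if "%s" not in o.get("-f", ""):           # filter never references the login
        findings.append("filter-ignores-login")
    if "/" in str(o.get("-w", "")):           # heuristic: path given as password
        findings.append("file-path-passed-as-password")
    if "-Z" not in o and not str(o.get("-H", "")).startswith("ldaps://"):
        findings.append("no-tls")             # simple bind would go in cleartext
    return findings

if __name__ == "__main__":
    print("before:", lint(BEFORE))
    print("after: ", lint(AFTER))
```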