Search squid archive

Re: Squid + AD (LDAP)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Henrik,

You are correct.
my search base is DC=abc,DC=com,DC=br


I have nothing related LDA on cache.log

I´m looking for some documentation and found many guys using Squid + Samba ( winbind) with libnss_winbind.so and  libnss_winbind.so.2 authenticating on AD (win 2003). 

That is way to take ?

thank you

Alexandre

--- Em sáb, 14/6/08, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> escreveu:

> De: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
> Assunto: Re:  Squid + AD (LDAP)
> Para: asaugusto@xxxxxxxxxxxx
> Cc: squid-users@xxxxxxxxxxxxxxx
> Data: Sábado, 14 de Junho de 2008, 6:21
> On fre, 2008-06-13 at 18:09 -0700, Alexandre augusto wrote:
> > Hi All,
> > 
> > I was wrong when said that my authentication was
> working in last email...
> > 
> > I´m trying work Squid with MS AD
> > 
> > So this is my squid.conf entry about LDAP auth:
> > 
> > auth_param basic program
> /usr/local/squid/libexec/squid_ldap_auth -R -b
> "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -D
> "CN=user_admin,OU=ABC,DC=abc,DC=com,DC=br" -w
> "/usr/local/squid/etc/file" -f
> "(objectclass=*)" -h ldap_server_ip:port
> > 
> > Using this configuration with Ldapbrowser tool
> (Softerra), I can search my entire LDAP tree without
> problems.
> > 
> > my search base is:
> > 
> > CN=user_admin,OU=Usuarios,OU=ABC,DC=abc,DC=com,DC=br
> 
> Are you really really sure? That looks very much like the
> user_admin
> object, not the OU (or any upper level) where all your
> users are found..
> 
> > "user_admin" is Domain Admin of AD ( maybe
> necessary to bind on it ???)
> 
> That's what -D does.
> 
> > But Squid just give me an old TCP_DENIED entry on log
> files:
> > 
> > 1213403347.792     15 192.168.10.1 TCP_DENIED/407 2706
> GET http://www.gm.com/ user_admin NONE/- text/html  
> > 
> > 1213405393.479     15 192.168.10.1 TCP_DENIED/407 2706
> GET http://www.squid-cache.org/ user_admin NONE/- text/html 
> 
> Anything in cache.log?
> 
> You might need TLS/SSL for this to work. AD is often
> configured in such
> manner that plaintext authentication (simple bind without
> encryption) is
> not allowed.
> 
> Regards
> Henrik


      Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!
http://br.mail.yahoo.com/


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux