Search squid archive

Re: Re: NCSA Password change and AD Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tis 2009-09-15 klockan 20:27 +0530 skrev vikas rawat:
> Hi,
> For AD authentication i tried;
> 
> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> "dc=Seinpuvi0001,dc=company-sbm,dc=com" -D
> "cn=testadmin,cn=Pune/Users,dc=Seinpuvi0001,dc=company-sbm,dc=com" -w
> "pwd" -f sAMAccountName=%s -h ip-address
> auth_param basic children 5
> auth_param basic realm squid testing
> auth_param basic credentialsttl 5 minutes
> 
> 
> external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
> -b "dc=company-sbm,dc=com" -D
> "cn=testadmin,cn=Pune,dc=company-sbm,dc=com" -w "pwd" -f
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Pune/Users,dc=company-sbm,dc=com))"
> -h ip-address
> 
> But could not connect with AD.

AD security policies generally do not allow the above configuration due
to the weak authentication mechanism used (unencrypted plaintext).

You can get around this by enabling SSL (requires a SSL certificate to
be installed on the AD server, and appropriate CA certificate installed
on the Squid server if not signed by the normally trusted CAs)

Regards
Henrik


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux