tis 2009-09-15 klockan 20:27 +0530 skrev vikas rawat: > Hi, > For AD authentication i tried; > > auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b > "dc=Seinpuvi0001,dc=company-sbm,dc=com" -D > "cn=testadmin,cn=Pune/Users,dc=Seinpuvi0001,dc=company-sbm,dc=com" -w > "pwd" -f sAMAccountName=%s -h ip-address > auth_param basic children 5 > auth_param basic realm squid testing > auth_param basic credentialsttl 5 minutes > > > external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R > -b "dc=company-sbm,dc=com" -D > "cn=testadmin,cn=Pune,dc=company-sbm,dc=com" -w "pwd" -f > "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Pune/Users,dc=company-sbm,dc=com))" > -h ip-address > > But could not connect with AD. AD security policies generally do not allow the above configuration due to the weak authentication mechanism used (unencrypted plaintext). You can get around this by enabling SSL (requires a SSL certificate to be installed on the AD server, and appropriate CA certificate installed on the Squid server if not signed by the normally trusted CAs) Regards Henrik
