hi, THANKS... Could you guide me how to do this, i mean steps to follow. Regards, vikas On Tue, Sep 15, 2009 at 11:58 PM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > tis 2009-09-15 klockan 20:27 +0530 skrev vikas rawat: >> Hi, >> For AD authentication i tried; >> >> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b >> "dc=Seinpuvi0001,dc=company-sbm,dc=com" -D >> "cn=testadmin,cn=Pune/Users,dc=Seinpuvi0001,dc=company-sbm,dc=com" -w >> "pwd" -f sAMAccountName=%s -h ip-address >> auth_param basic children 5 >> auth_param basic realm squid testing >> auth_param basic credentialsttl 5 minutes >> >> >> external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R >> -b "dc=company-sbm,dc=com" -D >> "cn=testadmin,cn=Pune,dc=company-sbm,dc=com" -w "pwd" -f >> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Pune/Users,dc=company-sbm,dc=com))" >> -h ip-address >> >> But could not connect with AD. > > AD security policies generally do not allow the above configuration due > to the weak authentication mechanism used (unencrypted plaintext). > > You can get around this by enabling SSL (requires a SSL certificate to > be installed on the AD server, and appropriate CA certificate installed > on the Squid server if not signed by the normally trusted CAs) > > Regards > Henrik > >
