On Thu, Nov 14, 2013 at 11:12:15AM -0800, Brig wrote: > Hey Peter, > > Thx for the reply! > > I tried the command you suggested and I get error: > > basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials' > ERR Success The same WARNING I'm able to simulate on my system when I put the wrong password after the -w parameter. So in order to be sure that your shell does not interpret some special characters (ie. dollar sign in user password), try the following command: /usr/lib/squid3/basic_ldap_auth -b 'DC=mydomain,DC=com' -f 'sAMAccountName=%s' -D 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth_password' -t 3 -H ldap://ldap.mydomain.com ...also in the initial email you wrote that ldapsearch works OK for you. Please try: ldapsearch -LLL -b 'DC=mydomain,DC=com' -x -D 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth_password' -H ldap://ldap.mydomain.com '(sAMAccountName=yourlogin)' dn ldapsearch -LLL -b 'DC=mydomain,DC=com' -x -D 'OutputFromThePreviousCommand' -w 'YourPassword' -H ldap://ldap.mydomain.com '(sAMAccountName=yourlogin)' dn > > If I remove the "-f sAMAccountName=%s" part of the command you sent then I > get the error: > > basic_ldap_auth.cc(739): pid=23194 :attempting to authenticate user > 'uid=brig,“dc=mydomain,dc=com”' > ERR Success > > (I am trying to auth my own userid/passwd so I know it is good and should > produce an "OK" and naturally 'mydomain.com' was replaced with my real > domain) > > So adding the -f option does not even allow me to bind. Like I said I am not > very familiar with AD yet I would think that the 2nd error at least shows > that my bind credentials are working? > > So I am still stuck yet hopefully these results might help you help me > narrow it down? > > Thx again! > > Brig > Next time, please provide the whole command producing the error output. -- Peter Benko
