On Wed, Nov 20, 2013 at 09:28:05AM -0800, Brig wrote:
> Hi Peter,
>
> Thx for the replies! Your name sounds familiar, were you on the Squid
> project like 18 yrs ago? My first Squid project was back then when I used it
> to develop a load balancer and I wonder if we corresponded back then?
>
> Anyway here are the results of the four commands you asked me to issue:
>
> 1)
>
> /u01/local/squid-3.3.10/helpers/basic_auth/LDAP/basic_ldap_auth -P -R -u cn
> -b "cn=Users,dc=mydomain,dc=com" -h 'ldap.mydomain.com'
> brig {my passwd}
> ERR Invalid credentials
>
> 2)
>
> /u01/local/squid-3.3.10/helpers/basic_auth/LDAP/basic_ldap_auth -d -b
> 'dc=mydomain,dc=com' -f 'sAMAccountName=%s' -D
> 'cn=squidauth,ou=Users,dc=mydomain,dc=com' -w 'squidauth passwd' -t 3 -H
> 'ldap://ldap.mydomain.com'
> brig {my passwd}
> basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
> ERR Success

I'm able to simulate exactly the same behavior on my system when I type the
wrong password after the -w parameter. When I use the right password, my ldap
authenticator works.

Please try to change the password for squidauth (use only alphanumeric
characters from the ASCII table) and try the following command again (this
time I also added the -R parameter):

basic_ldap_auth -d -R -b 'dc=mydomain,dc=com' -f 'sAMAccountName=%s' -D 'cn=squidauth,ou=Users,dc=mydomain,dc=com' -w 'newpasswd' -t 3 -H 'ldap://ldap.mydomain.com'

>
> 3)
>
> ldapsearch -LLL -H ldap://ldap.mydomain.com -x -D
> 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth passwd'
> -b 'DC=mydomain,DC=com' '(sAMAccountName=brig)' dn
>
> dn: CN=Brig,OU=Users,OU=IT,DC=mydomain,DC=com
>
> # refldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com
>
> # refldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=mydomain,DC=com
>
> # refldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
>
> 4)
>
> ldapsearch -LLL -H ldap://ldap.mydomain.com -x -D
> 'CN=Brig,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'my passwd' -b
> 'DC=mydomain,DC=com' '(sAMAccountName=brig)' dn
>
> dn: CN=Brig,OU=Users,OU=IT,DC=mydomain,DC=com
>
> # refldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com
>
> # refldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=mydomain,DC=com
>
> # refldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
>
>
> While doing this I spent an hour on the AD server too looking for any kind
> of errors or anything and found NOTHING! This reminded me how much I hate
> working with M$ technology cuz somehow I feel if I was using OpenLdap I get
> the feeling I would see some kind of logging events that could help me
> figure this out . . .
>
> Thx again for your help!
>
> Brig
>

--
Peter Benko