Search squid archive

Re: Re: Cannot get basic_ldap_auth to work with AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 20, 2013 at 09:28:05AM -0800, Brig wrote:
> Hi Peter,
> 
> Thx for the replies! Your names sounds familiar, were you on the Squid
> project like 18 yrs ago? My first Squid project was back then when I used it
> to develop a load balancer and I wonder if we corresponded back then?
> 
> Anyway here is the results of the four commands you asked me to issue:
> 
> 1)
> 
> /u01/local/squid-3.3.10/helpers/basic_auth/LDAP/basic_ldap_auth -P -R -u cn
> -b "cn=Users,dc=mydomain,dc=com"  -h 'ldap.mydomain.com'
> brig {my passwd}
> ERR Invalid credentials
> 
> 2)
> 
> /u01/local/squid-3.3.10/helpers/basic_auth/LDAP/basic_ldap_auth -d -b
> 'dc=mydomain,dc=com'  -f 'sAMAccountName=%s' -D
> 'cn=squidauth,ou=Users,dc=mydomain,dc=com' -w 'squidauth passwd' -t 3  -H
> 'ldap://ldap.mydomain.com'
> brig {my passwd}
> basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
> ERR Success

Exactly same behavior I'm able to simulate on my system when I type the
wrong password after the -w parameter. When I use right password, my
ldap authenticator works.

Please try to change the password for squidauth (use only alphanumeric
characters from ASCII table) and try the following command again (this
time I added also -R parameter):

basic_ldap_auth -d -R -b 'dc=mydomain,dc=com' -f 'sAMAccountName=%s'
-D 'cn=squidauth,ou=Users,dc=mydomain,dc=com' -w 'newpasswd'
-t 3 -H 'ldap://ldap.mydomain.com'

> 
> 3)
> 
> ldapsearch -LLL  -H ldap://ldap.mydomain.com -x -D
> 'CN=squidauth,OU=Users,OU=IT,
> DC=mydomain,DC=com' -w 'squidauth passwd' -b 'DC=mydomain,DC=com'
> '(sAMAccountNa
> me=brig)' dn
> 
> dn: CN=Brig,OU=Users,OU=IT,DC=mydomain,DC=com
> 
> # refldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com
> 
> # refldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=mydomain,DC=com
> 
> # refldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
> 
> 4)
> 
> ldapsearch -LLL  -H ldap://ldap.mydomain.com -x -D
> 'CN=Brig,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'my passwd' -b
> 'DC=mydomain,DC=com' '(sAMAccountName=brig)' dn
> 
> dn: CN=Brig,OU=Users,OU=IT,DC=mydomain,DC=com
> 
> # refldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com
> 
> # refldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=mydomain,DC=com
> 
> # refldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
> 
> 
> While doing this I spent an hour on the AD server too looking for any kind
> of errors or anything and found NOTHING! This reminded me how much I hate
> working with M$ technology cuz somehow I feel if I was using OpenLdap I get
> the feeling I would see some kind of logging events that could help me
> figure this out . . .
> 
> Thx again for you help!
> 
> Brig
> 

-- 
Peter Benko




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux