[squid-users] I: Re: [squid-users] R: Re: [squid-users] Squid - ldap auth against active directory 2008 R2
Original message
From: projpr...@virgilio.it
Date: 24-Jan-2011 8.34
To: squ...@treenet.co.nz
Subject: R: Re: [squid-users] R: Re: [squid-users] Squid - ldap auth against active directory 2008 R2

Thanks a lot for your reply. This sounds really good... strange that on openSUSE I don't have the same problem as on the server.

Anyway, I would like to make the test you suggested. The user is squid... but which is the standard password?

Thanks again.

Original message
From: squ...@treenet.co.nz
Date: 21-Jan-2011 13.47
To: squid-users@squid-cache.org
Subject: Re: [squid-users] R: Re: [squid-users] Squid - ldap auth against active directory 2008 R2

On 22/01/11 00:41, projpr...@virgilio.it wrote:
> Thanks a lot for your reply! This gives me a bit of courage... well, I made some tests from an openSUSE machine and it looks like it works... now, if I look at the process monitor with dependencies and threads on the original machine I have
>
> owner process id
> root squid 5037
> | | squid squid 4033
> | | | squid squid-ldap 10370
> ..
>
> I must say that I also mixed up the squid version: I'm using 3.0 Stable 9.
> Do you think it's because the helper runs under squid? Should I insert squid in the root group?

No. At the command line before testing the helper set yourself to the squid effective user using the su utility. Usually that is nobody or proxy or squid, though it may differ for your system.

Then run the helper testing to find out what is broken.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
Re: [squid-users] Squid - ldap auth against active directory 2008 R2
On 21/01/11 20:47, projpr...@virgilio.it wrote:
> Ok, let's start with a general question: does squid work with ldap auth and active directory 2008 R2??? Is there someone that has kind of experience with that???
>
> Thanks jcasale: yes we upgraded the domain from 2003 to 2008 R2, all domain controllers (2 per each subdomain exactly like before in 2003), for sure got other names and IP addresses and for sure I already changed the configuration of squid. The firewall was the first thing I looked at: it's completely turned off!
>
> The strange thing is that if I run the helper from shell, it works perfectly, instead when it's called from the configuration it does not work.

There you have the answer to that first Question "does squid work with ldap auth and active directory 2008 R2?"

All Squid does is run the helper and pass it the user credentials. If the helper works standalone then there is no reason why Squid cannot.

Squid runs as a low-privileged user account. Running the helper as root can often create or access files and other resources with root permission which the Squid user cannot access. Check the permissions.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
[squid-users] R: Re: [squid-users] Squid - ldap auth against active directory 2008 R2
Thanks a lot for your reply! This gives me a bit of courage... well, I made some tests from an openSUSE machine and it looks like it works... now, if I look at the process monitor with dependencies and threads on the original machine I have

owner process id
root squid 5037
| | squid squid 4033
| | | squid squid-ldap 10370
..

I must say that I also mixed up the squid version: I'm using 3.0 Stable 9.
Do you think it's because the helper runs under squid? Should I insert squid in the root group?

Thanks in advance.

Original message
From: squ...@treenet.co.nz
Date: 21-Jan-2011 9.20
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid - ldap auth against active directory 2008 R2

On 21/01/11 20:47, projpr...@virgilio.it wrote:
> Ok, let's start with a general question: does squid work with ldap auth and active directory 2008 R2??? Is there someone that has kind of experience with that???
>
> Thanks jcasale: yes we upgraded the domain from 2003 to 2008 R2, all domain controllers (2 per each subdomain exactly like before in 2003), for sure got other names and IP addresses and for sure I already changed the configuration of squid. The firewall was the first thing I looked at: it's completely turned off!
>
> The strange thing is that if I run the helper from shell, it works perfectly, instead when it's called from the configuration it does not work.

There you have the answer to that first Question "does squid work with ldap auth and active directory 2008 R2?"

All Squid does is run the helper and pass it the user credentials. If the helper works standalone then there is no reason why Squid cannot.

Squid runs as a low-privileged user account. Running the helper as root can often create or access files and other resources with root permission which the Squid user cannot access. Check the permissions.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
Re: [squid-users] R: Re: [squid-users] Squid - ldap auth against active directory 2008 R2
On 22/01/11 00:41, projpr...@virgilio.it wrote:
> Thanks a lot for your reply! This gives me a bit of courage... well, I made some tests from an openSUSE machine and it looks like it works... now, if I look at the process monitor with dependencies and threads on the original machine I have
>
> owner process id
> root squid 5037
> | | squid squid 4033
> | | | squid squid-ldap 10370
> ..
>
> I must say that I also mixed up the squid version: I'm using 3.0 Stable 9.
> Do you think it's because the helper runs under squid? Should I insert squid in the root group?

No. At the command line before testing the helper set yourself to the squid effective user using the su utility. Usually that is nobody or proxy or squid, though it may differ for your system.

Then run the helper testing to find out what is broken.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
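
The test described in the reply above, as an added shell example that is not part of the original thread: it reads the effective user and the helper command from squid.conf, runs the helper as that account and classifies the reply. The function names, the `nobody` fallback, the `su -s` invocation and the config path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): run Squid's basic-auth helper by hand
# under the same low-privileged account Squid uses. Names are illustrative.

# Account Squid drops to, from the cache_effective_user directive.
# The "nobody" fallback is an assumption; check your own build and config.
squid_user() {
    u=$(awk '$1 == "cache_effective_user" { v = $2 } END { print v }' "$1")
    echo "${u:-nobody}"
}

# Helper command line from the "auth_param basic program" directive.
helper_cmd() {
    awk '$1 == "auth_param" && $2 == "basic" && $3 == "program" {
        sub(/^[ \t]*auth_param[ \t]+basic[ \t]+program[ \t]+/, "")
        print; exit }' "$1"
}

# Send one "username password" line to the helper as account $1 and classify
# the first reply line. Helper stderr (e.g. -d debug output) is left visible.
# Returns 0 = OK, 1 = ERR, 2 = helper did not start or gave no reply.
run_helper_as() {
    user=$1; cmd=$2; creds=$3
    me=$(id -un 2>/dev/null || id -u)
    if [ "$me" = "$user" ]; then
        reply=$(printf '%s\n' "$creds" | sh -c "$cmd" | head -n 1)
    else
        # Needs root; -s supplies a shell because service accounts often have none.
        reply=$(printf '%s\n' "$creds" | su -s /bin/sh "$user" -c "$cmd" | head -n 1)
    fi
    case $reply in
        OK*)  return 0 ;;
        ERR*) return 1 ;;
        *)    return 2 ;;
    esac
}

# Typical use, as root (path is an assumption; credentials typed by the operator):
#   conf=/etc/squid/squid.conf
#   run_helper_as "$(squid_user "$conf")" "$(helper_cmd "$conf")" "someuser somepass"
#   echo "result: $?"
```

A result of 2 when the same command returns 0 as root points at something the Squid account cannot read or execute rather than at the directory server.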
[squid-users] Squid - ldap auth against active directory 2008 R2
Hi,

I had successfully used squid until today on a SLES 10 machine with ldap authentication against active directory 2003. The company wanted to make an update to active directory 2008 R2: now it looks like it does not work properly. On the user side the login window pops up and, once the credentials are entered, the page loads for a while and then it shows no access rights.

On the cache.log of squid I can see an error message: could not bind to bindn server can't contact ldap server.

Could someone help me to let it work?

Thanks in advance!
D
RE: [squid-users] Squid - ldap auth against active directory 2008 R2
> On the cache.log of squid I can see an error message: could not bind to bindn server can't contact ldap server.
> Could someone help me to let it work?

Probably not without seeing your config and knowing your AD setup. If you upgraded, has your ldap topology remained exactly the same? Were you binding anonymously previously, as by default anon binds are disabled in AD? Are you binding to the same user DN as you were and does that user DN still exist?

jlc
[squid-users] R: RE: [squid-users] Squid - ldap auth against active directory 2008 R2
Thanks for the reply.

No anonymous bind: there's a user to bind to the ldap server.
As I said: with AD 2003 it was working well, now with AD 2008 it is not working.

squid version 2.7 stable6

configuration (names are changed):

auth_param basic program usr/sbin/squid_ldap_auth -d -v 3 -s sub -b dc=example, dc=org -D cn=example-Auth-User,ou=konten,ou=User city,dc=city,dc=example,dc=org -w f -f sAMAccountName=%s -h ldapserver.ab.example.org -p 3268
auth_param basic children 50

Any help?

Original message
From: jcas...@activenetwerx.com
Date: 20-Jan-2011 12.58
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid - ldap auth against active directory 2008 R2

> On the cache.log of squid I can see an error message: could not bind to bindn server can't contact ldap server.
> Could someone help me to let it work?

Probably not without seeing your config and knowing your AD setup. If you upgraded, has your ldap topology remained exactly the same? Were you binding anonymously previously, as by default anon binds are disabled in AD? Are you binding to the same user DN as you were and does that user DN still exist?

jlc
RE: [squid-users] R: RE: [squid-users] Squid - ldap auth against active directory 2008 R2
> As I said: with AD 2003 it was working well, now with AD 2008 it is not working

That doesn’t help us, so you upgraded the domain? Regardless, you're not auth'ing to the same server so something changed.

> auth_param basic program usr/sbin/squid_ldap_auth -d -v 3 -s sub -b dc=example, dc=org -D cn=example-Auth-User,ou=konten,ou=User city,dc=city,dc=example,dc=org -w f -f sAMAccountName=%s -h ldapserver.ab.example.org -p 3268

Check the firewall on the 2008 server, it may not be allowing connections to that port for example. More specifically, are you intentionally querying the GC port versus the LDAP port? As I don’t know your topology, that may not have a view of what you are looking for...
[squid-users] R: RE: [squid-users] R: RE: [squid-users] Squid - ldap auth against active directory 2008 R2
Ok, let's start with a general question: does squid work with ldap auth and active directory 2008 R2??? Is there someone that has kind of experience with that???

Thanks jcasale: yes we upgraded the domain from 2003 to 2008 R2, all domain controllers (2 per each subdomain exactly like before in 2003), for sure got other names and IP addresses and for sure I already changed the configuration of squid. The firewall was the first thing I looked at: it's completely turned off!

The strange thing is that if I run the helper from shell, it works perfectly, instead when it's called from the configuration it does not work.

I guess, if in general squid and ldap would work with 2008 R2, there must be something to consider and to include eventually in the configuration of squid; for this reason I'm asking for help. If it would not be possible with ldap, I would also appreciate help with other authentication already tested in a 2008 R2 environment.

Thanks in advance.

Original message
From: jcas...@activenetwerx.com
Date: 20-Jan-2011 17.13
To: squid-users@squid-cache.org
Subject: RE: [squid-users] R: RE: [squid-users] Squid - ldap auth against active directory 2008 R2

> As I said: with AD 2003 it was working well, now with AD 2008 it is not working

That doesn’t help us, so you upgraded the domain? Regardless, you're not auth'ing to the same server so something changed.

> auth_param basic program usr/sbin/squid_ldap_auth -d -v 3 -s sub -b dc=example, dc=org -D cn=example-Auth-User,ou=konten,ou=User city,dc=city,dc=example,dc=org -w f -f sAMAccountName=%s -h ldapserver.ab.example.org -p 3268

Check the firewall on the 2008 server, it may not be allowing connections to that port for example. More specifically, are you intentionally querying the GC port versus the LDAP port? As I don’t know your topology, that may not have a view of what you are looking for...