On Mon, 5 Jan 2004, Victor Souza Menezes wrote: > I'm trying to authenticate squid users against a MS Active directory but i am > having problems. I've already tried all the statements tha are in the > squid_ldap_auth manual. > > the MS Active directory is under the following domain: > > tre-pb.gov.br > > I created some users directly in this domain.
Is these in the default "Users" container, or somewhere else? Is the "Pre-Windows 2000 login" set to something that makes sense? In short you basically MUST use the search mode to locate MSAD users. And most MSAD installations does not allow anonymous searches so you must manually specify a full LDAP DN and password of a dummy user to use while searching for the actual user. Users within the default "Users" container have a DN line CN=UsersFullName,CN=Users,dc=tre-pb,dc=gov,dc=br You can try this out with "ldapsearch -x -W -D 'CN=UsersFullName,CN=Users,dc=tre-pb,dc=gov,dc=br'" when ldapsearch returns you the information about what users and groups you have in the directory then you are set to start using the squid_ldap_auth helper. Regards Henrik
