On Wed, Nov 13, 2013 at 08:24:56AM -0800, Brig wrote: > Trying to get Squid to use our AD server to authenticate users with LDAP. I > cannot get the basic_ldap_auth helper to work. I keep getting error: > > ERR Success > > > I am able to bind to the AD server and query ldap though using "ldapsearch" > and the following command: > > ldapsearch -LLL -H ldap://ldap.mydomain.com -x -D > 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth_password' -b > 'DC=mydomain,DC=com' SAMAccountName uid uidNumber > > That works fine yet if I use the Squid basic_ldap_auth helper program and > then enter in a good userid and password I just get that same error: > > /usr/lib/squid3/basic_ldap_auth -R -v 3 -d -b “dc=mydomain,dc=com” -D > “cn=squidauth,ou=Users,ou=IT,dc=mydomain,dc=com” -w "squidauth_password" -h > ldap.mydomain.com > > squid squidpass
Firstly try running the following command from the command line: /usr/lib/squid3/basic_ldap_auth -b DC=mydomain,DC=com -f sAMAccountName=%s -D CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com -w squidauth_password -t 3 -H ldap://ldap.mydomain.com Then interactively type Active Directory logins and passwords separated by space. You should see something like this: user1 password1 OK baduser badpassword ERR Success > > basic_ldap_auth.cc(739): pid=31847 :attempting to authenticate user > 'uid=squid,“dc=mydomain,dc=com”' > ERR Success > > I am running on ubuntu and just to make sure I was not hitting a bug I > downloaded the latest source code squid-3.3.10 and compiled that and still > get the same error. > > Spent many hrs searching all the Squid forums, etc, and have not been able > to find a solution that will work. My strengths are all on the Linux/Squid > side and I am not familiar with MS AD server, we have an Admin that runs > that so hoping someone here has experience with it. > > Thanks in advance for any help you folks can give! > > Brig > > > > > > -- > View this message in context: > http://squid-web-proxy-cache.1019090.n4.nabble.com/Cannot-get-basic-ldap-auth-to-work-with-AD-tp4663282.html > Sent from the Squid - Users mailing list archive at Nabble.com. -- Peter Benko
