Good Morning!
I am relatively new to squid. However, I have been reading over previous postings and have read through the man files a couple of times.
With that said, I am trying to do exactly what a lot of other people before me have done, authenticate a squid cache via a windows 2000 ldap server.
For the record, I am using a RedHat 9 install, with squid that was installed by default. I believe it is 2.5Stable1.
Now, again with that said, I have successfully communicated with the ldap box with ldap search using the following syntax:
Ldapsearch -x -h 192.168.0.123 -b dc=proteabhs,dc=com -D cn=squiduser,cn=Users,dc=proteabhs,dc=com -w *********
I have successfully communicated with squid_ldap_auth with the following syntax:
Squid_ldap_auth -p -R -b dc=proteabhs,dc=com -D cn=squiduser,cn=Users,dc=proteabhs,dc=com -w ********* -f sAMAccount=%s objectClass=Person -h 192.168.0.123
I then type in a user name and a password and I receive the OK return.
Now, with that all out of the way, I have put the same syntax into my squid.conf file and when I try to browse the net, I do receive the login box, however, my password is never accepted. It loops 3 times and then displays the default page stating that I must authenticate prior to accessing the page.
From reading the man page, I have noticed that I could try using the following syntax:
Squid_ldap_auth -p -R -b dc=proteabhs,dc=com -D cn=squiduser,cn=Users,dc=proteabhs,dc=com -w ********** -f (&(sAMAccount=%s)(objectClass=Person)) -h 192.168.0.123
Notice the changes to (&(sAMAccount=%s)(objectClass=Person)). I have tried this and it did not work.
I have also tried:
Squid_ldap_auth -p -R -b "dc=proteabhs,dc=com" -D "cn=squiduser,cn=Users,dc=proteabhs,dc=com" -w "***********" -f (&(sAMAccount=%s)(objectClass=Person)) -h 192.168.0.123 which did not work.
I know from the command line, all is working fine. It must be a syntax issue, however, from what I can tell I'm entering it all correctly.
Any help will be greatly appreciated. I also have used a program called ldapbrowser to connect and view the ldap tree. This too works just fine.
PS, please don't tell me to read the man pages <grin>, I have, over and over again.
Christopher J. Joles
Chief Information Officer
PROTEA Behavioral Health Services
187 Exchange St.
Bangor, ME 04401
Phone: (207)992-7010 Ext: 245 Fax:(207)992-7011
Received on Thu Sep 11 2003 - 06:46:33 MDT