[squid-users] yet another squid_ldap_auth question when connecting to AD from Eric Belhomme on 2005-01-05 (squid-users)

From: Eric Belhomme <eric.belhomme@dont-contact.us>
Date: Wed, 5 Jan 2005 10:25:12 +0000 (UTC)

Hello,

I just done a squid fresh install on a GNU/Linux Debian woody server.

I installed squid 2.5.7 from www.backports.org :

lyon:/home/rico# squid -v
Squid Cache: Version 2.5.STABLE7
configure options: --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin
--sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-
async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-
linux-netfilter --enable-arp-acl --enable-removal-policies=lru,heap --
enable-snmp --enable-delay-pools --enable-htcp --enable-poll --enable-
cache-digests --enable-underscores --enable-referer-log --enable-
useragent-log --enable-auth=basic,digest,ntlm --enable-carp --enable-
large-files i386-debian-linux

I also installed libldap2 2.1.30-2 (from www.backports.org) and ldap-
utils.

I'd like to authenticate squid users from my Active Directory server.
I can connect well to my AD ldap server with ldapsearch :

# ldapsearch -x -b "dc=w2k,dc=icsb,dc=fr" -D
"CN=me_user_name,OU=ICSB,OU=Utilisateurs,DC=w2k,DC=icsb,DC=fr" -w
my_passwd -h ctlad1.w2k.icsb.fr
[...]
# search result
search: 2
result: 0 Success

# numResponses: 887
# numEntries: 885
# numReferences: 1

But squid_ldap_auth don't work as well :

# /usr/lib/squid/ldap_auth -p -R -b dc=w2k,dc=icsb,dc=fr -D
cn=Administrateur,cn=Users,dc=w2k,dc=icsb,dc=fr -w my_admin_passwd -f
"userPrincipalName=%s" ctlad1.w2k.icsb.fr
administrateur@w2k.icsb.fr
ERR

The things that' hurts me a tcpdump session on my host lyon (where squid
is installed) when using squid_ldap_auth doesn't show any ldap packet !!!
(firewalling is totally disabled an default netfilter rules are set to
ACCEPT)
lyon:/home/rico# tcpdump -i eth0 port ldap
tcpdump: listening on eth0

0 packets received by filter
0 packets dropped by kernel

Of course the same capture with ldapsearch command returns a lot of
packets :

1239 packets received by filter
0 packets dropped by kernel

I probably don't understood something on the right way to use
squid_ldap_auth, but I can't see what :( So I hope a nice guy here would
help me :))

regards,

-- 
Eric Belhomme

Received on Wed Jan 05 2005 - 03:50:37 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST