Re: [squid-users] proxy auth using AD

From: Kinkie <gkinkie_at_gmail.com>
Date: Tue, 12 Jan 2010 23:28:22 +0100

On Tue, Jan 12, 2010 at 2:12 PM, Mike Barnard <mike.barnardq_at_gmail.com> wrote:
> Hi,
>
> I am wondering whether its possible to have proxy auth work with two
> different OU and two DC entries.
>
> I have two domains a.domain.com and b.domain.com, each with different
> users. I need to have users from each domain authenticate and access
> the Internet via proxy_auth.
>
> Currently, I have,
>
> auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b
> "ou=Company Users,dc=a,dc=domain,dc=com" -D COMPANY\\binduser -w
> bindpassword -f sAMAccountName=%s -h 1.2.3.4
>
> Unfortunately, the b.domain.com users cannot authenticate unless I
> have their entry in the squid conf as well. Is there a way I can have
> the two domains with different OU's worked out.

The common solution would be to have the two domains in a trust
relationship. Can't you do that? (a.domain.com should trust b; no need
for the opposite)

-- 
    /kinkie
Received on Tue Jan 12 2010 - 22:28:26 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 13 2010 - 12:00:03 MST