[squid-users] R: RE: [squid-users] R: RE: [squid-users] Squid - ldap auth against active directory 2008 R2

From: <projproxy_at_virgilio.it>
Date: Fri, 21 Jan 2011 08:47:00 +0100 (CET)

Ok, let's start with a general question:

Does squid work with ldap auth and active directory 2008 R2???
Is there someone that has any kind of experience with that???

Thanks jcasale: yes, we upgraded the domain from 2003 to 2008 R2. All domain controllers (2 per each subdomain, exactly like before in 2003) for sure got other names and IP addresses, and for sure I already changed the configuration of squid.
The firewall was the first thing I looked at: it's completely turned off!

The strange thing is that if I run the helper from the shell, it works perfectly; instead, when it's called from the configuration, it does not work.

I guess, if in general squid and ldap work with 2008 R2, there must be something to consider and eventually to include in the configuration of squid; for this reason I'm asking for help.
If it is not possible with ldap, I would also appreciate help with other authentication already tested in a 2008 R2 environment.

Thanks in advance.

>----Original message----
>From: jcasale_at_activenetwerx.com
>Date: 20-Jan-2011 17.13
>To: "squid-users_at_squid-cache.org"<squid-users_at_squid-cache.org>
>Subject: RE: [squid-users] R: RE: [squid-users] Squid - ldap auth against active directory 2008 R2
>
>>As I said: with AD 2003 was working well, now with AD2008 is not working....
>
>That doesn’t help us, so you upgraded the domain? Regardless, you're not
>auth'ing to the "same" server so something changed.
>
>>auth_param basic program usr/sbin/squid_ldap_auth -d -v "3" -s "sub" -b "dc=example, dc=org" -D "cn=example-Auth-User,ou=konten,ou=User city,dc=city,dc=example,dc=org" -w "fffff" -f "sAMAccountName=%s" -h "ldapserver.ab.example.org" -p "3268"
>
>Check the firewall on the 2008 server, it may not be allowing connections to that
>port for example.
>
>More specifically, are you intentionally querying the GC port versus the LDAP port?
>As I don’t know your topology, that may not have a view of what you are looking for...
>

Received on Fri Jan 21 2011 - 07:47:12 MST