Re: [squid-users] Cannot get basic_ldap_auth to work with AD

From: Peter Benko <benko_peter_at_vse.sk>
Date: Thu, 14 Nov 2013 08:52:43 +0100

On Wed, Nov 13, 2013 at 08:24:56AM -0800, Brig wrote:
> Trying to get Squid to use our AD server to authenticate users with LDAP. I
> cannot get the basic_ldap_auth helper to work. I keep getting error:
>
> ERR Success
>
>
> I am able to bind to the AD server and query ldap though using "ldapsearch"
> and the following command:
>
> ldapsearch -LLL -H ldap://ldap.mydomain.com -x -D
> 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth_password' -b
> 'DC=mydomain,DC=com' SAMAccountName uid uidNumber
>
> That works fine yet if I use the Squid basic_ldap_auth helper program and
> then enter in a good userid and password I just get that same error:
>
> /usr/lib/squid3/basic_ldap_auth -R -v 3 -d -b “dc=mydomain,dc=com” -D
> “cn=squidauth,ou=Users,ou=IT,dc=mydomain,dc=com” -w "squidauth_password" -h
> ldap.mydomain.com
>
> squid squidpass

Firstly try running the following command from the command line:

/usr/lib/squid3/basic_ldap_auth -b DC=mydomain,DC=com \
  -f sAMAccountName=%s \
  -D CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com \
  -w squidauth_password -t 3 -H ldap://ldap.mydomain.com

Then interactively type Active Directory logins and passwords separated by
a space. You should see something like this:

user1 password1
OK
baduser badpassword
ERR Success

>
> basic_ldap_auth.cc(739): pid=31847 :attempting to authenticate user
> 'uid=squid,“dc=mydomain,dc=com”'
> ERR Success
>
> I am running on ubuntu and just to make sure I was not hitting a bug I
> downloaded the latest source code squid-3.3.10 and compiled that and still
> get the same error.
>
> Spent many hrs searching all the Squid forums, etc, and have not been able
> to find a solution that will work. My strengths are all on the Linux/Squid
> side and I am not familiar with MS AD server, we have an Admin that runs
> that so hoping someone here has experience with it.
>
> Thanks in advance for any help you folks can give!
>
> Brig

-- 
Peter Benko
Received on Thu Nov 14 2013 - 16:47:05 MST
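
Added example (not part of the original message and not Squid code): a small shell lint for a basic_ldap_auth argument list. It checks for the two things visible in the debug line quoted above: curly quotes carried into the DN, and a user DN built as uid=<login>,<base DN> when no -f filter is given. The function name lint_ldap_auth_args is hypothetical; the sample arguments are the ones used in this thread.

```shell
#!/bin/sh
# Added example: lint the arguments meant for basic_ldap_auth.
# Prints one finding per line and returns the number of findings.
lint_ldap_auth_args() {
    _n=0 _prev= _filter=
    for _arg in "$@"; do
        # Curly quotes are not shell quoting; they stay inside the value
        # and end up as part of the DN sent to the directory.
        case $_arg in
            *“*|*”*|*‘*|*’*)
                printf '%s\n' "typographic quote in argument: $_arg"
                _n=$((_n + 1)) ;;
        esac
        # Remember the value that follows -f (the LDAP search filter).
        if [ "$_prev" = "-f" ]; then
            _filter=$_arg
        fi
        _prev=$_arg
    done
    case $_filter in
        '')
            # Matches the debug line: 'uid=squid,<base DN>' is tried directly.
            printf '%s\n' "no -f filter: user DN is built as uid=<login>,<base DN>"
            _n=$((_n + 1)) ;;
        *%s*) ;;   # filter contains the login placeholder
        *)
            printf '%s\n' "filter has no %s placeholder for the login: $_filter"
            _n=$((_n + 1)) ;;
    esac
    return "$_n"
}

# Arguments from the question, curly quotes included (three findings).
lint_ldap_auth_args -R -v 3 -d -b '“dc=mydomain,dc=com”' \
    -D '“cn=squidauth,ou=Users,ou=IT,dc=mydomain,dc=com”' \
    -w squidauth_password -h ldap.mydomain.com || true

# Arguments from the reply (no findings, prints nothing).
lint_ldap_auth_args -b DC=mydomain,DC=com -f sAMAccountName=%s \
    -D CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com \
    -w squidauth_password -t 3 -H ldap://ldap.mydomain.com || true
```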
