Re: [squid-users] Re: Cannot get basic_ldap_auth to work with AD

From: Peter Benko <benko_peter_at_vse.sk>
Date: Mon, 18 Nov 2013 16:02:44 +0100

On Thu, Nov 14, 2013 at 11:12:15AM -0800, Brig wrote:
> Hey Peter,
>
> Thx for the reply!
>
> I tried the command you suggested and I get error:
>
> basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
> ERR Success

I'm able to simulate the same WARNING on my system when I put the wrong
password after the -w parameter. So in order to be sure that your shell
does not interpret some special characters (i.e. a dollar sign in the user
password), try the following command:

/usr/lib/squid3/basic_ldap_auth -b 'DC=mydomain,DC=com' -f 'sAMAccountName=%s' -D 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth_password' -t 3 -H ldap://ldap.mydomain.com

...also in the initial email you wrote that ldapsearch works OK for you.
Please try:

ldapsearch -LLL -b 'DC=mydomain,DC=com' -x -D 'CN=squidauth,OU=Users,OU=IT,DC=mydomain,DC=com' -w 'squidauth_password' -H ldap://ldap.mydomain.com '(sAMAccountName=yourlogin)' dn

ldapsearch -LLL -b 'DC=mydomain,DC=com' -x -D 'OutputFromThePreviousCommand' -w 'YourPassword' -H ldap://ldap.mydomain.com '(sAMAccountName=yourlogin)' dn

>
> If I remove the "-f sAMAccountName=%s" part of the command you sent then I
> get the error:
>
> basic_ldap_auth.cc(739): pid=23194 :attempting to authenticate user
> 'uid=brig,“dc=mydomain,dc=com”'
> ERR Success
>
> (I am trying to auth my own userid/passwd so I know it is good and should
> produce an "OK" and naturally 'mydomain.com' was replaced with my real
> domain)
>
> So adding the -f option does not even allow me to bind. Like I said I am not
> very familiar with AD yet I would think that the 2nd error at least shows
> that my bind credentials are working?
>
> So I am still stuck yet hopefully these results might help you help me
> narrow it down?
>
> Thx again!
>
> Brig
>

Next time, please provide the whole command producing the error output.

-- 
Peter Benko
Received on Mon Nov 18 2013 - 15:02:52 MST
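
The quoting point above as an added example (not part of the original thread or of Squid): a POSIX shell check that shows what the shell actually hands to a helper when a password contains a dollar sign, and flags typographic quotes like those visible in the quoted debug output. The password, DN values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of arguments before they reach an LDAP helper.
# All sample values below are constructed.

LQ=$(printf '\342\200\234')   # U+201C left typographic quote (UTF-8 bytes)
RQ=$(printf '\342\200\235')   # U+201D right typographic quote (UTF-8 bytes)

# Print each argument exactly as the called program would receive it.
show_argv() {
    i=0
    for a in "$@"; do
        i=$((i + 1))
        printf 'argv[%d]=<%s>\n' "$i" "$a"
    done
}

# Count arguments containing typographic quotes. The shell does not treat
# these as quoting, so they end up inside the value (for example the base DN).
count_typographic() {
    n=0
    for a in "$@"; do
        case $a in
            *"$LQ"*|*"$RQ"*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Single quotes: the dollar sign reaches the program untouched.
single_quoted_pw() { printf '%s' 'P@ss$word'; }

# Double quotes: $word is expanded first; with no such variable set,
# the program receives a truncated password and the bind fails.
double_quoted_pw() { unset word; printf '%s' "P@ss$word"; }

# Demo with constructed arguments.
echo "single-quoted password: $(single_quoted_pw)"
echo "double-quoted password: $(double_quoted_pw)"
show_argv -b "${LQ}dc=mydomain,dc=com${RQ}" -f 'sAMAccountName=%s'
echo "arguments with typographic quotes:" \
     "$(count_typographic -b "${LQ}dc=mydomain,dc=com${RQ}" -f 'sAMAccountName=%s')"
```

basic_ldap_auth also accepts -W secretfile to read the bind password from a file, which sidesteps shell quoting and keeps the password out of the process list.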