[squid-users] Problems with ldap authentication

Marcio Demetrio Bacci marciobacci at gmail.com
Tue Dec 8 17:14:45 UTC 2015


Hi

In the Squid Server, I want only basic authentication.

The command:

/usr/lib/squid3/basic_ldap_auth \
   -b cn=users,dc=empresa,dc=com,dc=br \
   -D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \
   -h 192.168.0.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"

shows "Success" when authenticating only the users in the Organizational Unit (OU)
"Users", but in my domain I have many OUs that have users, such as TI, Financial,
Sales...

How can I authenticate the users in other OUs?

Thanks,

Márcio

2015-12-08 6:23 GMT-02:00 Amos Jeffries <squid3 at treenet.co.nz>:

> On 8/12/2015 4:00 p.m., Marcio Demetrio Bacci wrote:
> > I have changed my authentication block as below, but it is not working.
> >
> > The proxy user is a Read Only Domain Controller member. The password is
> > correct.
> >
> > Samba4, krb5-user and winbindd are installed and work perfectly. Do I
> > need to install any other package?
>
> What authentication system do you think you are using? Basic or
> Kerberos? because you configured Basic.
>
> >
> > How can I test in command line?
> >
>
> Everything in squid.conf after the "auth_param basic program " is the
> command line for the helper.
> * Run that command line:
>   /usr/lib/squid3/basic_ldap_auth \
>    -b cn=users,dc=empresa,dc=com,dc=br \
>    -D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \
>    -h 192.168.0.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"
>
> * If nothing happens and it just waits for input, it has started properly.
>
> * Enter two words on each line, username and password for a user account
> which might be using Squid. Try both valid and invalid combos.
>
> * The helper will reply OK (valid) or ERR (invalid) if it has been a
> successful check. BH if there was a failure.
>
>
> > Is anything wrong in my authentication block?
> >
> > auth_param basic program /usr/lib/squid3/basic_ldap_auth -b
> > cn=users,dc=empresa,dc=com,dc=br -D
> > cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 -h 192.168.0.25 -p
> > 389 -s sub -v 3 -f "sAMAccountName=%s"
> > auth_param basic children 50
> > auth_param basic realm Proxy Server Squid
> > auth_param basic credentialsttl 2 hours
> > auth_param basic casesensitive off
>
>
> Nothing particularly visible to me. But that said I'm not a regular user
> of LDAP, so there could be something subtle hiding in the LDAP query
> strings or other parameters that does not match what your LDAP service
> needs.
>
>
> >
> > With the command "ldbsearch -H /opt/samba/private/sam.ldb
> > '(objectclass=user)' uidNumber gidNumber ", my result is:
> > # record 881
> > dn: CN=proxy,CN=Users,DC=empresa,DC=com,DC=br
> > uidNumber: 10558
> > gidNumber: 30037
> >
>
> The U on Users is upper case in this test. It is lower case in your
> config file.
>
> The DC/dc CN/cn values are also different case. That might matter to
> your LDAP system.
>
> If either of those turns out to be the problem, then you will need to fix
> the -b parameter as well.
>
>
> Amos
>
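
The manual test described in the quoted reply (feed "username password" lines to the helper and read back OK, ERR or BH), as an added example that is not part of the original thread. `classify_reply`, `probe_helper`, `demo_helper`, `run_demo` and the sample accounts are constructed for illustration; `demo_helper` stands in for `basic_ldap_auth` so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: batch version of the manual helper test.

# Map one helper reply line to the meaning described in the quoted reply.
classify_reply() {
    case "$1" in
        OK*)  echo valid ;;           # credentials accepted
        ERR*) echo invalid ;;         # check ran, credentials rejected
        BH*)  echo helper-failure ;;  # the check itself failed
        *)    echo unexpected ;;      # e.g. debug output or a usage message
    esac
}

# probe_helper CREDS_FILE HELPER [ARGS...]
# CREDS_FILE holds one "username password" pair per line (no blank lines).
# Prints "username<TAB>verdict"; passwords are never echoed.
probe_helper() {
    creds=$1; shift
    "$@" < "$creds" | while IFS= read -r reply; do
        read -r user rest <&3 || user='?'
        printf '%s\t%s\n' "$user" "$(classify_reply "$reply")"
    done 3< "$creds"
}

# Constructed stand-in for basic_ldap_auth so the example runs offline.
demo_helper() {
    while read -r user pass; do
        case "$user:$pass" in
            alice:correct-horse) echo OK ;;
            bob:*)               echo "BH directory unreachable" ;;
            *)                   echo ERR ;;
        esac
    done
}

# Constructed sample accounts: a good pair, a bad password, a failing lookup.
run_demo() {
    tmp=$(mktemp) || return 1
    chmod 600 "$tmp"
    printf '%s\n' 'alice correct-horse' 'alice wrong' 'bob anything' > "$tmp"
    probe_helper "$tmp" demo_helper
    rm -f "$tmp"
}

if [ "${1:-}" = demo ]; then run_demo; fi
```

To test a real deployment, pass the helper command line from squid.conf in place of `demo_helper`, keeping the credentials file readable only by the account running the test. The helper's `-W secretfile` option reads the bind password from a file instead of exposing it through `-w` in the process list.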