<div dir="ltr"><div><div>Hi<br><br>In the Squid Server, I want only basic authentication.<br><br>The command: <br><br>/usr/lib/squid3/basic_ldap_auth \<br> -b cn=users,dc=empresa,dc=com,dc=br \<br> -D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \<br> -h 192.168.0.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"<br><br>shows "Success" when authenticating only the users in the Organizational Unit (OU) "Users", but in my domain I have many OUs that have users, such as TI, Financial, Sales.<br><br>How do I authenticate the users in the other OUs?<br><br></div>Thanks,<br><br></div>Márcio<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-12-08 6:23 GMT-02:00 Amos Jeffries <span dir="ltr">&lt;<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 8/12/2015 4:00 p.m., Marcio Demetrio Bacci wrote:<br>
> I have changed my authentication block as below, but it is not working.<br>
><br>
> The proxy user is a Read Only Domain Controller member. The password is<br>
> correct.<br>
><br>
> Samba4, krb5-user and winbindd are installed and work perfectly. Do I need<br>
> to install any other package?<br>
<br>
</span>What authentication system do you think you are using? Basic or<br>
Kerberos? Because you configured Basic.<br>
<span class=""><br>
><br>
> How can I test in command line?<br>
><br>
<br>
</span>Everything in squid.conf after the "auth_param basic program " is the<br>
command line for the helper.<br>
* Run that command line:<br>
<span class=""> /usr/lib/squid3/basic_ldap_auth \<br>
-b cn=users,dc=empresa,dc=com,dc=br \<br>
-D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \<br>
-h 192.168.0.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"<br>
<br>
</span>* If nothing happens and it just waits for input, it has started properly.<br>
<br>
* Enter two words on each line, username and password for a user account<br>
which might be using Squid. Try both valid and invalid combos.<br>
<br>
* The helper will reply OK (valid) or ERR (invalid) if it has been a<br>
successful check. BH if there was a failure.<br>
<span class=""><br>
<br>
> Is there anything wrong in my authentication block?<br>
><br>
> auth_param basic program /usr/lib/squid3/basic_ldap_auth -b<br>
> cn=users,dc=empresa,dc=com,dc=br -D<br>
> cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 -h 192.168.0.25 -p<br>
> 389 -s sub -v 3 -f "sAMAccountName=%s"<br>
> auth_param basic children 50<br>
> auth_param basic realm Proxy Server Squid<br>
> auth_param basic credentialsttl 2 hours<br>
> auth_param basic casesensitive off<br>
<br>
<br>
</span>Nothing particularly visible to me. But that said I'm not a regular user<br>
of LDAP, so there could be something subtle hiding in the LDAP query<br>
strings or other parameters that does not match what your LDAP service<br>
needs.<br>
<span class=""><br>
<br>
><br>
> With the command "ldbsearch -H /opt/samba/private/sam.ldb<br>
> '(objectclass=user)' uidNumber gidNumber ", my result is:<br>
> # record 881<br>
> dn: CN=proxy,CN=Users,DC=empresa,DC=com,DC=br<br>
> uidNumber: 10558<br>
> gidNumber: 30037<br>
><br>
<br>
</span>The U on Users is upper case in this test. It is lower case in your<br>
config file.<br>
<br>
The DC/dc CN/cn values are also different case. That might matter to<br>
your LDAP system.<br>
<br>
If either of those turn out to be the problem, then you will need to fix<br>
the -b parameter as well.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
Amos<br>
</div></div></blockquote></div><br></div>
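<div>The manual helper test described in the quoted reply, batched so that one account from each OU can be checked against a given -b value in a single run. This is an added example, not code from the thread or from Squid; probe_helper, stub_helper and the sample accounts are constructed for illustration, and stub_helper stands in for basic_ldap_auth so the script runs without an LDAP server.</div>

```shell
#!/bin/sh
# Added example (not from the thread): batch-test a Squid Basic auth helper.

# Constructed stand-in for basic_ldap_auth: it knows one account and
# answers BH when a line has no password.
stub_helper() {
    while read -r user pass; do
        if [ -z "$pass" ]; then echo "BH missing password"
        elif [ "$user" = "alice" ] && [ "$pass" = "s3cret" ]; then echo "OK"
        else echo "ERR"
        fi
    done
}

# probe_helper CREDS_FILE HELPER [ARGS...]
# CREDS_FILE holds one "username password" pair per line, the same input
# typed by hand in the manual test. Prints "username CODE" per pair (never
# the password). Returns 0 if every reply was OK or ERR, 1 on BH or no reply.
probe_helper() {
    creds=$1; shift
    tmp=$(mktemp -d) || return 2
    "$@" < "$creds" > "$tmp/replies" 2>/dev/null || true
    # Pair each username with the helper's reply on the same line number.
    cut -d' ' -f1 "$creds" | paste -d' ' - "$tmp/replies" > "$tmp/joined"
    rc=0
    while read -r user code rest; do
        case $code in
            OK|ERR) ;;                      # the check itself worked
            BH) rc=1 ;;                     # helper failure, not a verdict
            *) code=NOREPLY; rc=1 ;;        # helper died or printed nothing
        esac
        echo "$user $code"
    done < "$tmp/joined"
    rm -rf "$tmp"
    return $rc
}

demo() {
    f=$(mktemp) || return 0
    # Constructed accounts; in practice list one known user per OU.
    printf '%s\n' 'alice s3cret' 'alice wrong' 'bob' > "$f"
    probe_helper "$f" stub_helper || echo "helper reported BH or no reply"
    rm -f "$f"
}
demo
```

<div>To test the real helper, replace stub_helper with the command line that follows "auth_param basic program" in squid.conf. The helper also accepts -W secretfile in place of -w, which keeps the bind password out of the process list and out of squid.conf.</div>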