Re: [squid-users] MSAD + SQUID = authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 1 Sep 2002 02:03:25 +0200

On Saturday 31 August 2002 00.27, JOHNSON DAVID R wrote:
> question ?
> is anyone authenticating against an AD? if so how did you set up
> the authenticate program directive

By using the LDAP helper. See the documentation shipped with the LDAP
helper.

> in the squid.conf file. I am unable to successfully authenticate my
> users... not all of them have the UserPrincipalName field but they
> all do have the sAMAccount name and name fields.
>
> my directive is as follows :
>
> authenticate program /usr/lib/squid/squid_kdap_auth -p -R -d
> 'dc=domain, dc=dot, dc=com' -d 'cn=username, cn=users, cn=domain,
> dc=dot, dc=com' -w 'password' -u 'cn' -h ipaddress

Won't work very well. By this configuration the LDAP helper will
assume that user "David" has the DN

   cn=David, dc=domain, dc=dot, dc=com

which obviously isn't true.

If you want to use another attribute than the DN for identifying your
users then you will need to use the search mode of the helper.

  -f '(&(ObjectClass=Person)(sAMAccount=%s))'

added to your existing LDAP helper arguments would probably work for
you.

Regards
Henrik
Received on Sat Aug 31 2002 - 18:27:11 MDT
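
Added example (not part of the original message, and not code from Squid or its LDAP helper): a small Python model of the two lookup modes described in the reply, showing why the constructed DN misses the real entry and how the login name should be escaped per RFC 4515 before it replaces %s in the filter. The directory entries, function names and the escaping step are assumptions made for illustration; check what your helper version actually does with special characters.

```python
import re

# Constructed sample directory (hypothetical entries): DN -> attributes.
# Attribute names follow the filter quoted in the thread.
DIRECTORY = {
    "cn=David Johnson, cn=users, dc=domain, dc=dot, dc=com":
        {"objectclass": "Person", "samaccount": "David"},
    "cn=Build Agent, cn=users, dc=domain, dc=dot, dc=com":
        {"objectclass": "Person", "samaccount": "svc(build)"},
}

# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value):
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def direct_mode_dn(login, user_attr, base_dn):
    """No search filter: the DN is assumed to be <user_attr>=<login>, <base_dn>."""
    return f"{user_attr}={login}, {base_dn}"


def search_mode_filter(login, template):
    """Search mode: the escaped login replaces %s in the filter template."""
    return template.replace("%s", escape_filter_value(login))


def unescape_filter_value(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), text)


def value_matches(pattern, actual):
    # An unescaped '*' is a wildcard; \XX hex escapes stand for literal characters.
    parts = [re.escape(unescape_filter_value(p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), actual, re.IGNORECASE) is not None


def search(ldap_filter):
    """Tiny evaluator for (&(attr=value)...) filters over DIRECTORY; returns DNs."""
    assertions = re.findall(r"\(([^()=&|!]+)=([^()]*)\)", ldap_filter)
    return [dn for dn, attrs in DIRECTORY.items()
            if all(value_matches(v, attrs.get(a.lower(), "")) for a, v in assertions)]


def resolve(login, template="(&(ObjectClass=Person)(sAMAccount=%s))"):
    """Return the single DN to bind as, or None if zero or several entries match."""
    hits = search(search_mode_filter(login, template))
    return hits[0] if len(hits) == 1 else None
```

Only the DN returned by resolve() would then be used for the password bind; a login that matches no entry, or more than one, is rejected before any bind is attempted.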