I've been struggling with getting Squid to authenticate against AD
using squid_ldap_auth.
OS: OEL 5.3 (Redhat)
Squid: squid-2.6.STABLE21-3.el5
I've been able to get it to authenticate successfully against SunONE
Directory server. Our internal users aren't in that LDAP, but it
should in theory show the pieces are functional.
Here's the relevant section from squid.conf, obfuscated where necessary:
auth_param basic program /usr/lib64/squid/squid_ldap_auth -d -R -v 3
-d -b "dc=oa,dc=DOMAIN,dc=com" -D "CN=SURNAME\,
Givenname,OU=Basic,OU=Users,DC=oa,DC=DOMAIN,DC=com" -w "XXXXXX" -f
sAMAccountName=%s -h AD_SERVER.oa.domain.com
auth_param basic children 5
auth_param basic realm "Restricted Use"
auth_param basic credentialsttl 10 minutes
Having this in squid.conf gives the error:
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
However, if I copy & paste this exact line, starting with
/usr/lib64/squid/squid_ldap_auth, it is successful:
bash-3.2$ /usr/lib64/squid/squid_ldap_auth -d -R -v 3 -d -b
"dc=oa,dc=DOMAIN,dc=com" -D "CN=SURNAME\,
Givenname,OU=Basic,OU=Users,DC=oa,DC=DOMAIN,DC=com" -w "XXXXXXX" -f
sAMAccountName=%s -h AD_SERVER.oa.domain.com
user2 pass
user filter 'sAMAccountName=user2', searchbase 'dc=oa,dc=DOMAIN,dc=com'
attempting to authenticate user 'CN=lastname\,
firstname,OU=Basic,OU=ISO_Users,DC=oa,DC=caiso,DC=com'
OK
Any ideas from the list? All searches tell me the user or password is
wrong, but that's not the case. Looks like squid's parsing of the
binddn seems broken on this.
Received on Wed Aug 25 2010 - 20:14:29 MDT
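One way to see the arguments Squid actually passes to the helper, for comparison with what bash passes for the same pasted line, is a wrapper that records its argument vector before running the real helper. This is an added example, not part of the original post or of Squid; the function names and the ARGV_LOG path are assumptions, and the helper path is the one quoted in the post.

```shell
#!/bin/sh
# Added diagnostic sketch, not part of Squid or of the original post.
# REAL_HELPER is the path quoted in the post; ARGV_LOG is an assumed location.
REAL_HELPER="${REAL_HELPER:-/usr/lib64/squid/squid_ldap_auth}"
ARGV_LOG="${ARGV_LOG:-/var/log/squid/ldap_auth_argv.log}"

# Print one argument per line inside brackets, so a lost backslash, a stray
# quote or a split at a space in the bind DN is visible. The value after -w
# (the bind password) is replaced by its length only.
dump_argv() {
    i=0
    mask_next=0
    for arg in "$@"; do
        if [ "$mask_next" -eq 1 ]; then
            printf 'argv[%d]=[<redacted, %d chars>]\n' "$i" "${#arg}"
            mask_next=0
        else
            printf 'argv[%d]=[%s]\n' "$i" "$arg"
            if [ "$arg" = "-w" ]; then
                mask_next=1
            fi
        fi
        i=$((i + 1))
    done
}

# Append the argument dump to a log only its owner can read, then replace
# this process with the real helper so Squid's stdin/stdout exchange with
# the helper is unchanged.
log_and_exec() {
    umask 077
    dump_argv "$@" >> "$ARGV_LOG"
    exec "$REAL_HELPER" "$@"
}

# When installed as the program named on the auth_param line (with the same
# arguments as before), end the script with:
#   log_and_exec "$@"
```

Running the same wrapper from bash with the pasted arguments gives a second dump, and a diff of the two shows whether the `-D` value differs between the two launch paths.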