One thing to note: in Windows 2003 Server, Microsoft disables anonymous LDAP binds by default. Instead of doing an anonymous bind, try testing your squid_ldap_auth command with options to bind as an authoritative user, like:

/usr/lib/squid/squid_ldap_auth -D Administrator -w Admin_Password -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2

Note the -D and -w options.

I do not recommend encoding the Active Directory administrator account in the squid configuration file. Either set up another authorized account that has read-only permissions, or see Microsoft's documentation on enabling anonymous binds to a Windows 2003 Active Directory via LDAP.

Tim

-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer         Komatsu Canada Limited
Ph#: 905-625-6292 x265            1725B Sismet Road
Fax: 905-625-6348                 Mississauga, Canada
E-Mail: [EMAIL PROTECTED]          L4W 1P9
-----------------------------------------------------------



Esteban wrote:
Test if the authenticator works.
Run "/usr/lib/squid/squid_ldap_auth -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2" and enter "Username<SPACE>password<ENTER>". If you get OK, the authenticator works. If you always get an ERR, you should check the configuration of the helper / the LDAP server.

And "for testing only" use this Http_access Schema

http_access allow password
http_access deny all


My squid.conf is:
.....
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
.....
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 407
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 407
acl CONNECT method CONNECT


http_access allow manager localhost
http_access allow password
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
....
cache_peer another-proxy.xxxx.com parent 8080 0 proxy-only default
#

What is the problem?
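
Added example, not part of the original thread: a small Python check for the bind advice given at the top of this message. It flags a squid_ldap_auth helper line that binds anonymously, binds as Administrator, or carries the bind password inline with -w. The sample lines are constructed from the thread's command; the squid-ro account, the secret-file path and the availability of the helper's -W secretfile option in the installed version are assumptions.

```python
import shlex

# Constructed sample: the thread's helper line in three variants.
# "squid-ro" and /etc/squid/ldap_secret are hypothetical names.
SAMPLE_CONF = '''\
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2
auth_param basic program /usr/lib/squid/squid_ldap_auth -D Administrator -w Admin_Password -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2
auth_param basic program /usr/lib/squid/squid_ldap_auth -D "cn=squid-ro,dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -W /etc/squid/ldap_secret -R -b "dc=xx,dc=yyy,dc=uuuu,dc=rrrr" -f sAMAccountName=%s -h 10.239.56.2
'''

# Only the bind-related flags are inspected; each takes the next token as its value.
BIND_FLAGS = ("-D", "-w", "-W")


def audit_helper_line(line):
    """Return a list of findings for one 'auth_param basic program' line."""
    tokens = shlex.split(line)
    if tokens[:3] != ["auth_param", "basic", "program"] or len(tokens) < 4:
        return []
    if not tokens[3].endswith("squid_ldap_auth"):
        return []
    args = tokens[4:]
    opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a in BIND_FLAGS}
    findings = []
    if "-D" not in opts:
        # No bind DN: the helper searches anonymously, which a default
        # Windows 2003 Active Directory refuses.
        findings.append("anonymous-bind")
    else:
        # Accept both a bare account name and a full DN (first RDN value).
        account = opts["-D"].split(",")[0].split("=")[-1].lower()
        if account == "administrator":
            findings.append("admin-bind-account")
    if "-w" in opts:
        # Password sits in squid.conf and in the helper's process arguments.
        findings.append("inline-bind-password")
    return findings


def audit_conf(text):
    """Map line number -> findings for every helper line in a squid.conf text."""
    return {n: audit_helper_line(line)
            for n, line in enumerate(text.splitlines(), 1)
            if line.startswith("auth_param basic program")}


if __name__ == "__main__":
    for lineno, findings in audit_conf(SAMPLE_CONF).items():
        print(lineno, findings or "ok")
```
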



