Hi In the Squid Server, I want only basic authentication.
The command: /usr/lib/squid3/basic_ldap_auth \ -b cn=users,dc=empresa,dc=com,dc=br \ -D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \ -h 192.168.0.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s" shows "Success" to authenticate only the users in Organization Unity (OU) "Users", but in my domain I have many OU that has users as TI, Financial, Sales.. How I get authenticate the users in others OU? Thanks, Márcio 2015-12-08 6:23 GMT-02:00 Amos Jeffries <squ...@treenet.co.nz>: > On 8/12/2015 4:00 p.m., Marcio Demetrio Bacci wrote: > > I have changed my authentication block as below, but is not working. > > > > The proxy user is a Read Only Domain Controller member. The password is > > correct. > > > > Samba4, krb5-user and winbindd are installed and work perfectly. Do I > need > > install any other package? > > What authentication system do you think you are using? Basic or > Kerberos? because you configured Basic. > > > > > How can I test in command line? > > > > Everthign in squid.conf after the "auth_param basic program " is the > command line for the helper. > * Run that command line: > /usr/lib/squid3/basic_ldap_auth \ > -b cn=users,dc=empresa,dc=com,dc=br \ > -D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \ > -h 192.168.0.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s" > > * If nothing happens and it just waits for input, it has started properly. > > * Enter two words on each line, username and password for a user account > which might be using Squid. Try both valid and invalid combos. > > * The helper will reply OK (valid) or ERR (invalid) if it has been a > successful check. BH if there was a failure. > > > > Have anything wrong in my authentication block ? > > > > auth_param basic program /usr/lib/squid3/basic_ldap_auth -b > > cn=users,dc=empresa,dc=com,dc=br -D > > cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 -h 192.168.0.25 > -p > > 389 -s sub -v 3 -f "sAMAccountName=%s" > > auth_param basic children 50 > > auth_param basic realm Proxy Server Squid > > auth_param basic credentialsttl 2 hours > > auth_param basic casesensitive off > > > Nothing particularly visible to me. But that said I'm not a regular user > of LDAP, so there could be something subtle hiding in the LDAP query > strings or ither parameters that deos not match what your LDAP service > needs. > > > > > > With the command "ldbsearch -H /opt/samba/private/sam.ldb > > '(objectclass=user)' uidNumber gidNumber ", my result is: > > # record 881 > > dn: CN=proxy,CN=Users,DC=empresa,DC=com,DC=br > > uidNumber: 10558 > > gidNumber: 30037 > > > > The U on Users is upper case in this test. It is lower case in your > config file. > > The DC/dc CN/cn values are also different case. That might matter to > your LDAP system. > > If either of those turn out to be the problem, then you will need to fix > the -b parameter as well. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
