Re: [squid-users] Re: NCSA Password change and AD Authentication

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 15 Sep 2009 20:28:43 +0200

Tue 2009-09-15 at 20:27 +0530, vikas rawat wrote:
> Hi,
> For AD authentication I tried:
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> "dc=Seinpuvi0001,dc=company-sbm,dc=com" -D
> "cn=testadmin,cn=Pune/Users,dc=Seinpuvi0001,dc=company-sbm,dc=com" -w
> "pwd" -f sAMAccountName=%s -h ip-address
> auth_param basic children 5
> auth_param basic realm squid testing
> auth_param basic credentialsttl 5 minutes
>
>
> external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
> -b "dc=company-sbm,dc=com" -D
> "cn=testadmin,cn=Pune,dc=company-sbm,dc=com" -w "pwd" -f
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Pune/Users,dc=company-sbm,dc=com))"
> -h ip-address
>
> But could not connect with AD.

AD security policies generally do not allow the above configuration due
to the weak authentication mechanism used (unencrypted plaintext).

You can get around this by enabling SSL (requires an SSL certificate to
be installed on the AD server, and the appropriate CA certificate installed
on the Squid server if not signed by the normally trusted CAs).

Regards
Henrik
Received on Tue Sep 15 2009 - 18:28:48 MDT
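
Added example (not part of the original message and not Squid project code): a shell check that flags squid.conf LDAP helper lines that bind in cleartext, the setup the reply above says AD policy rejects. It assumes helpers built against OpenLDAP, where -H ldaps://, -Z (StartTLS) and -W secretfile are available; the host name, DNs and secret file path are constructed placeholders.

```shell
#!/bin/sh
# Classify one squid.conf line (helper command already joined onto one line).
# Prints "n/a" (not an LDAP helper), "encrypted" or "plaintext".
ldap_helper_transport() {
    line=$1
    case $line in
        *squid_ldap_auth*|*squid_ldap_group*) ;;
        *) echo "n/a"; return 0 ;;
    esac
    case " $line " in
        *" -H ldaps://"*|*" -H \"ldaps://"*) echo "encrypted" ;;  # LDAP over SSL
        *" -Z "*) echo "encrypted" ;;                             # StartTLS
        *) echo "plaintext" ;;
    esac
}

# Audit squid.conf text on stdin. Reports each LDAP helper that binds in
# cleartext and returns 1 if any was found. The reported line is cut before
# " -w " so the bind password is never echoed into logs.
audit_squid_conf() {
    rc=0
    n=0
    while IFS= read -r l; do
        n=$((n + 1))
        case $l in '#'*|'') continue ;; esac
        if [ "$(ldap_helper_transport "$l")" = "plaintext" ]; then
            echo "line $n: cleartext LDAP bind: ${l%% -w *} ..."
            rc=1
        fi
    done
    return $rc
}

# Constructed sample lines (placeholders, not taken from the original post).
# WEAK: simple bind over plain LDAP, password on the command line.
WEAK='auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=example,dc=com" -D "cn=proxy,dc=example,dc=com" -w "pwd" -f sAMAccountName=%s -h dc1.example.com'
# SSL: same lookup over ldaps://, password read from a file (hypothetical path).
SSL='auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=example,dc=com" -D "cn=proxy,dc=example,dc=com" -W /etc/squid/ldap.secret -f sAMAccountName=%s -H ldaps://dc1.example.com'

printf '%s\n' "$WEAK" "$SSL" | audit_squid_conf || true
```

On a real proxy, feed it the configuration with `audit_squid_conf < /etc/squid/squid.conf`, after joining any helper command that was wrapped across lines.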
