Squid + Active Directory "squid_ldap_auth "
My using M$ AD and I can authenticate any user in the Base DN: , but only there. How can I include the search of the rest of the OUs in my domain. I have no group for access control at this point. I would like to simply allow all and have smoothwall as my accountability. I will later revoke if need be.
Base DN: cn=users,dc=Acme,dc=Com Bind DN username: cn=administrator,cn=users,dc=Acme,dc=Com Entire Domain Structure of Users: cn=users,dc=Acme,dc=Com ou=users,ou=office,ou=acmedev,dc=Acme,dc=Com ou=users,ou=lab,ou=acmedev,dc=Acme,dc=Com ou=users,ou=office,ou=acmeprod,dc=Acme,dc=Com ou=users,ou=lab,ou=acmeprod,dc=Acme,dc=Com ou=users,ou=office,ou=acmemig,dc=Acme,dc=Com ou=users,ou=lab,ou=acmemig,dc=Acme,dc=Com code from my squad.conf auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "cn=users,dc=Acme,dc=Com" -D "cn=administrator,cn=users,dc=Acme,dc=Com " -w P@ssW0rD -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -P 192.168.1.150:389 auth_param basic children 5 auth_param basic realm My inet Proxy auth_param basic credentialsttl 60 minutes |
Hi,
got a chance to read your post. Here you have explained to configure squid proxy to use authentication from ADS. My doubt is in the line auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "cn=users,dc=Acme,dc=Com" -D "cn=administrator,cn=users,dc=Acme,dc=Com " -w P@ssW0rD -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -P 192.168.1.150:389 can't we use the line without the "-w P@ssW0rD" option... that means is there a way where i can search the ADS without specifying the password.[as we do in linux LDAP] Thanks in advance Sridhar |
All times are GMT -5. The time now is 05:03 AM. |