nixCraft

hkjack · #1 (**permalink**) 06-12-2007, 10:13 AM

Hi all,

I have a Problem about squid auth with LDAP.
I have read Configure squid for LDAP authentication using squid_ldap_auth helper

First of all, I have problem in Step # 1: Make sure squid can talk to LDAP server.

When type the following command:
/usr/lib/squid/squid_ldap_auth -b "dc=domain,dc=local" -f "uid=%s" 192.168.0.10
admin 123456

Then have not any reaction on the screen, no error.

I have try to input the wrong dc, it will show error. So I am sure that dc is correct.
I hope somebody can help me. I was thinking this problem for a long time.
Thank for your help!

I am not good in linux, and my AD is windows 2000 AD, Squid 2.5stable 13, FD4.

nixcraft · #2 (**permalink**) 06-12-2007, 03:43 PM

You should see OK on screen after username and password. What is the output of $? after typing user password:

Code:

echo $?

hkjack · #3 (**permalink**) 06-12-2007, 04:13 PM

*************************************************

/usr/lib/squid/squid_ldap_auth -b "dc=domain,dc=local" -f "uid=%s" 192.168.0.10
admin 123456

*************************************************
After I input username and password => enter
No reaction, enter again, just jump down next line. No reaction. I need press control C to end the process.

If I type
************************************************
[root@Proxy_AD ~]# /usr/lib/squid/squid_ldap_auth -R -b -v 3 "DC=HODOM,DC=LOCAL" -f "uid=%s" 192.168.0.10
admin 123456
ERR Success
************************************************

Will be display ERR Success
When I press enter again, It will down to next line and Display ERR.

I just check my MSAD LDAP with Active Directory Administration Tool
=================================================
ld = ldap_open("hksdctws1", 389);
Established connection to hksdctws1.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: <ldp error <0x0>: cannot format time field;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=HODOM,D C=LOCAL;
1> dsServiceName: CN=NTDS Settings,CN=HKSDCTWS1,CN=Servers,CN=HK-TW-ISD,CN=Sites,CN=Configuration,DC=HODOM,DC=LOCAL;
3> namingContexts: CN=Schema,CN=Configuration,DC=HODOM,DC=LOCAL; CN=Configuration,DC=HODOM,DC=LOCAL; DC=HODOM,DC=LOCAL;
1> defaultNamingContext: DC=HODOM,DC=LOCAL;
1> schemaNamingContext: CN=Schema,CN=Configuration,DC=HODOM,DC=LOCAL;
1> configurationNamingContext: CN=Configuration,DC=HODOM,DC=LOCAL;
1> rootDomainNamingContext: DC=HODOM,DC=LOCAL;
16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn;
1> highestCommittedUSN: 6765531;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: hksdctws1.HODOM.LOCAL;
1> ldapServiceName: HODOM.LOCAL:hksdctws1$@HODOM.LOCAL;
1> serverName: CN=HKSDCTWS1,CN=Servers,CN=HK-TW-ISD,CN=Sites,CN=Configuration,DC=HODOM,DC=LOCAL;
2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
==================================================

Please help
Thank so much

raj · #4 (**permalink**) 06-12-2007, 05:06 PM

This is what you need to use in your squid.conf file

Code:

auth_param basic program /path/to/squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver

raj · #5 (**permalink**) 06-12-2007, 05:09 PM

Also chk out ConfigExamples/WindowsAuthenticationNTLM - SquidWiki help pages

hkjack · #6 (**permalink**) 06-12-2007, 10:23 PM

Dear raj, thank for your reply

May I use the squid_ldap_auth only without samba?

in the e.g.

Code:

auth_param basic program /path/to/squid_ldap_auth -P -R -b 
"dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w 
"secretsquidpassword" -f "(&(userPrincipalName=%s)
(objectClass=Person))" activedirectoryserver

is it need add the "cn=squid" in AD? and what is "secretsquidpassword"

Please help
Thank you

hkjack · #7 (**permalink**) 06-15-2007, 08:27 AM

I have a Problem about squid auth with LDAP.
I have read Configure squid for LDAP authentication using squid_ldap_auth helper

First of all, I have problem in Step # 1: Make sure squid can talk to LDAP server.

Code:

/usr/lib/squid/squid_ldap_auth -b "dc=domain,dc=local" -f "uid=%s" 192.168.0.10
admin 123456

After I input username and password => enter
No reaction, press enter again, just jump down next line. No reaction. I need press control C to end the process.

Code:

root@Proxy_AD ~]# /usr/lib/squid/squid_ldap_auth -R -b -v 3 "DC=HODOM,DC=LOCAL" -f "uid=%s" 192.168.0.10
admin 123456
ERR Success

Will be display ERR Success
When I press enter again, It will down to next line and Display ERR.

I just check my MSAD LDAP with Administration Tool
[quote]ld = ldap_open("hksdctws1", 389);
Established connection to hksdctws1.
Retrieving base DSA information...
Result <0>: (null)
Matched
Getting 1 entries:
>> Dn:
1> currentTime: <ldp error <0x0>: cannot format time field;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=HODOM,D C=LOCAL;
1> dsServiceName: CN=NTDS Settings,CN=HKSDCTWS1,CN=Servers,CN=HK-TW-ISD,CN=Sites,CN=Configuration,DC=HODOM,DC=LOCAL;
3> namingContexts: CN=Schema,CN=Configuration,DC=HODOM,DC=LOCAL; CN=Configuration,DC=HODOM,DC=LOCAL; DC=HODOM,DC=LOCAL;
1> defaultNamingContext: DC=HODOM,DC=LOCAL;
1> schemaNamingContext: CN=Schema,CN=Configuration,DC=HODOM,DC=LOCAL;
1> configurationNamingContext: CN=Configuration,DC=HODOM,DC=LOCAL;
1> rootDomainNamingContext: DC=HODOM,DC=LOCAL;
16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn;
1> highestCommittedUSN: 6765531;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: hksdctws1.HODOM.LOCAL;
1> ldapServiceName: HODOM.LOCAL:hksdctws1$@HODOM.LOCAL;
1> serverName: CN=HKSDCTWS1,CN=Servers,CN=HK-TW-ISD,CN=Sites,CN=Configuration,DC=HODOM,DC=LOCAL;
2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;quote]

Very painful problem for me
Please help!
Thank so much

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Squid Problem	B!n@ry	Linux software	3	04-15-2007 04:36 PM
problem with Squid	puppen	Linux software	4	01-04-2007 03:45 PM
open ldap autentication problem	kasimani	Linux software	0	10-15-2006 12:17 AM
Problem with squid	LRC	Linux software	17	06-10-2006 08:52 PM
LDAP auth problem	vasanth	Linux software	1	02-16-2005 10:59 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

nixCraft

Problem about squid auth with LDAP

Problem about squid auth with LDAP

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads