On Mon, 5 Jan 2004, Victor Souza Menezes wrote:
> I'm trying to authenticate squid users against a MS Active directory but i am
> having problems. I've already tried all the statements tha are in the
> squid_ldap_auth manual.
>
> the MS Active directory is under the following domain:
>
> tre-pb.gov.br
>
> I created some users directly in this domain.
Is these in the default "Users" container, or somewhere else?
Is the "Pre-Windows 2000 login" set to something that makes sense?
In short you basically MUST use the search mode to locate MSAD users. And
most MSAD installations does not allow anonymous searches so you must
manually specify a full LDAP DN and password of a dummy user to use while
searching for the actual user.
Users within the default "Users" container have a DN line
CN=UsersFullName,CN=Users,dc=tre-pb,dc=gov,dc=br
You can try this out with
"ldapsearch -x -W -D 'CN=UsersFullName,CN=Users,dc=tre-pb,dc=gov,dc=br'"
when ldapsearch returns you the information about what users and groups
you have in the directory then you are set to start using the
squid_ldap_auth helper.
Regards
Henrik
Received on Mon Jan 05 2004 - 20:24:00 MST
This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:03 MST