Netgate Discussion Forum

    Squid auth active directory in windows 2008 server

    pfSense Packages
    • maximofxv

      Hi Guys

      Thanks for the great pf and forums ;)

      I have a problem and hope you can help.

      I installed pfSense with Squid 2.6 stable. The LDAP authentication worked great with Windows Server 2003. When I set up a Windows Server 2008 box, the auth no longer works. The config which I used for the 03 box:

      Authentication method - LDAP
      LDAP version - 3
      Authentication server - (windows server IP address)
      LDAP server user DN - cn=administrator,cn=Users,dc=xxxx
      LDAP password - (your password for the administrator account)
      LDAP base domain - dc=xxxxx,dc=xxxxx,dc=xxxx
      LDAP search filter - sAMAccountName=%s

      It does not work on 2008. Are there modifications needed on 2k8 or ???

      Please help. Thanks.

      • QuentinB

        Hi,

        I am in the same situation. I have installed a new Server2008 with AD and a clean version of PFSense. I have tried different things and squid service "Stops" when I try and access a page with errors "simpleauthhelpers crashed to many times, help needed" or something along those lines.

        • Gloom

          2008 DCs do not play nice with LDAP authentication, due to some slight changes made by Microsoft. It's not only squid-cache that has the problem.
          Current workarounds involve Samba installs, joining the box to the domain and switching to Kerberos authentication. Not what you wanted to hear, I suppose. On the plus side, the Squid port for Windows 2008 runs fine.

          On the original post in this topic, I have to wonder why people keep using the Domain Administrator account for LDAP lookups. This is a huge security hole. Please stop doing it, people. All you need is an unprivileged account, not the admin account blasting the password out in clear text for the world to see.

          Never underestimate the power of human stupidity

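The concern raised in the last reply (binding as the Domain Administrator and sending the password in clear text) can be checked mechanically against the helper line Squid is started with. The following is an added example, not part of the thread and not pfSense or Squid project code: a small Python audit of a `squid_ldap_auth` line. The sample lines, the `svc-squid-ldap` account, host names, file paths and finding labels are constructed assumptions.

```python
import shlex

# squid_ldap_auth options that are followed by a value.
VALUE_FLAGS = {"-b", "-f", "-D", "-w", "-W", "-h", "-H", "-p", "-v", "-s", "-u", "-U"}

# Constructed sample lines (helper path, DNs, hosts and password are placeholders).
WEAK = ('auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 '
        '-b "dc=example,dc=test" -D "cn=administrator,cn=Users,dc=example,dc=test" '
        '-w "ConstructedPass1" -f "sAMAccountName=%s" -h 192.0.2.10')
HARDENED = ('auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -Z '
            '-b "dc=example,dc=test" -D "cn=svc-squid-ldap,cn=Users,dc=example,dc=test" '
            '-W /usr/local/etc/squid/ldap.secret -f "sAMAccountName=%s" -h dc1.example.test')


def audit_ldap_helper(line):
    """Return a list of finding labels for one squid_ldap_auth helper line."""
    tokens = shlex.split(line)
    opts, flags, i = {}, set(), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_FLAGS and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]   # option with its value
            i += 2
        else:
            flags.add(tok)              # boolean option or positional token
            i += 1

    findings = []
    # The bind account only needs to search the directory; the built-in
    # Administrator account is far more than that.
    first_rdn = opts.get("-D", "").split(",")[0].strip().lower()
    if first_rdn == "cn=administrator":
        findings.append("privileged-bind-account")
    # -w puts the bind password in squid.conf and in the process arguments;
    # -W reads it from a file that can be permission-restricted.
    if "-w" in opts:
        findings.append("password-on-command-line")
    # Without StartTLS (-Z) or an ldaps:// URI (-H) the bind is sent unencrypted.
    encrypted = "-Z" in flags or opts.get("-H", "").lower().startswith("ldaps://")
    if not encrypted:
        findings.append("cleartext-ldap")
    return findings


if __name__ == "__main__":
    for name, line in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_helper(line) or "no findings")
```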
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.