Squid auth active directory in windows 2008 server



  • Hi Guys

    Thanks for the great pf and forums ;)

    I have a problem and hope you can help.

    I installed pfSense with Squid 2.6 stable. The LDAP authentication worked great with Windows Server 2003; when I set up a Windows Server 2008 box, the auth no longer works. The config which I used for the 03 box:

    Authentication method - LDAP
    LDAP version - 3
    Authentication server - (windows server IP address)
    LDAP server user DN - cn=administrator,cn=Users,dc=xxxx
    LDAP password - (your password for the administrator account)
    LDAP base domain - dc=xxxxx,dc=xxxxx,dc=xxxx
    LDAP search filter - sAMAccountName=%s

    It does not work on 2008. Are there modifications needed on 2k8 or ???

    Please help. Thanks.



  • Hi,

    I am in the same situation. I have installed a new Server 2008 with AD and a clean version of pfSense. I have tried different things, and the squid service "Stops" when I try to access a page, with errors "simpleauthhelpers crashed too many times, help needed" or something along those lines.



  • 2008 DCs do not play nice with LDAP authentication, due to some slight changes made by Microsoft. It's not only squid-cache that has the problem.
    Current workarounds involve Samba installs, joining the box to the domain and switching to Kerberos authentication. Not what you wanted to hear, I suppose. On the plus side, the Squid port for Windows 2008 runs fine.

    On the original post in this topic, I have to wonder why people keep using the Domain Administrator account for LDAP lookups. This is a huge security hole. Please stop doing it, people. All you need is an unprivileged account, not the admin account blasting the password out in clear text for the world to see.
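
Added example (not part of the thread, and not pfSense or Squid code): a small Python check for the two issues raised in the last post, run over a constructed copy of the settings block from the first post. The field names come from that post; the placeholder values, the `PRIVILEGED_CNS` set, the finding codes and the `transport_encrypted` flag are assumptions of this sketch.

```python
import re

# Constructed sample mirroring the settings quoted in the first post
# (addresses, domain components and password are placeholders).
SAMPLE = """\
Authentication method - LDAP
LDAP version - 3
Authentication server - 192.0.2.10
LDAP server user DN - cn=administrator,cn=Users,dc=example,dc=test
LDAP password - placeholder
LDAP base domain - dc=example,dc=test
LDAP search filter - sAMAccountName=%s
"""

# Assumption: account names treated as privileged; extend for your directory.
PRIVILEGED_CNS = {"administrator"}

def parse_settings(text):
    """Turn 'Field - value' lines into a dict keyed by lower-cased field name."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" - ")
        if sep:
            out[key.strip().lower()] = value.strip()
    return out

def split_dn(dn):
    """Split a DN into (attr, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    return pairs

def audit(text, transport_encrypted=False):
    """Return finding codes (names invented for this example) for the settings."""
    cfg = parse_settings(text)
    findings = []
    rdns = split_dn(cfg.get("ldap server user dn", ""))
    # The lookup account is the leftmost RDN of the bind DN.
    if rdns[0][0] == "cn" and rdns[0][1].lower() in PRIVILEGED_CNS:
        findings.append("PRIVILEGED_BIND_ACCOUNT")
    # A simple bind sends the password as-is unless the connection is encrypted.
    if cfg.get("ldap password") and not transport_encrypted:
        findings.append("CLEARTEXT_SIMPLE_BIND")
    if "%s" not in cfg.get("ldap search filter", ""):
        findings.append("FILTER_MISSING_USER_PLACEHOLDER")
    return findings
```
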

