Netgate Discussion Forum

    Squid_ldap_auth AD user password issues.

      periko

      Hi.

      I'm trying to set up Squid auth vs Win 2k3 AD; it is working on pfSense 2.0.1 nano.

      I have seen these 2 settings, and both work:

      This one from the GUI

      
       auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389
      
      

      This one I can set up on the console.

      
      auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D "squid@example.local" -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389 -
      
      

      Which is the right one?

      Second, can we use any user on AD to bind to the AD server? We don't have to use any super user?

      Third, I have seen that when a user has special characters in his password he cannot authenticate, just letters or numbers or a mix. Does someone know about this issue?

      Thanks!!!

      Need pfSense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Want to learn pfSense? Visit my YouTube channel:
      https://www.youtube.com/c/PedroMorenoBOS

        Gloom

        The first example is the correct form as it fully conforms with the LDAP standard. The second will work, but only with AD.

        An unprivileged account is the best way to do the LDAP bind. There is no need for it to be an admin.

        I have users with ' in their user name, in fact I'm one of them and there are no issues.

        Never underestimate the power of human stupidity

          periko

          I'm working to see why, when the users have special characters, it has issues.

          Thanks for your info, Gloom, see you later!!!
