Squid_ldap_auth AD user password issues.

  • Hi.

    I'm trying to set up squid auth vs win 2k3 AD; it is working on pfSense 2.0.1 nano.

    I have seen these 2 settings, and both work:

    This one from the GUI

     auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w password -f "sAMAccountName=%s" -u uid -P

    This one I can set up on the console.

    auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D "squid@example.local" -w password -f "sAMAccountName=%s" -u uid -P -

    Which is the right one?

    Second, can we use any user on AD to bind to the AD server? We don't have to use any super user?

    Third, I have seen that when a user has special characters in his password, it cannot authenticate; just letters or numbers or a mix work. Does someone know about this issue?


  • The first example is the correct form as it fully conforms with the LDAP standard. The second will work, but only with AD.

    An unprivileged account is the best way to do the ldap bind. There is no need for it to be an admin.

    I have users with ' in their user name, in fact I'm one of them and there are no issues.

  • I'm working to see why, when the users have special characters, it has issues.

    Thanks for your info Gloom, see you later!!!
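
Added example, not part of the original thread and not Squid's own code: to check how a password with special characters reaches the helper, this Python code builds the `user password` line a basic auth helper reads on stdin, shows the bytes left after URL-decoding for two character sets, and escapes a user name for the `sAMAccountName=%s` filter. It assumes the helper URL-decodes its input as Squid's basic auth helpers do; the function names and sample credentials are constructed for illustration.

```python
from urllib.parse import quote, unquote_to_bytes

# RFC 4515 escapes for a value placed in a search filter such as sAMAccountName=%s
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def helper_line(user, password, charset="utf-8"):
    """Build the 'user password' line for the helper's stdin.

    Each field is encoded to bytes in `charset`, then every byte other than
    letters, digits and "_.-~" is %-escaped so spaces and symbols survive.
    """
    return " ".join(quote(field.encode(charset), safe="") for field in (user, password))


def decode_helper_line(line):
    """Split on the first space and URL-decode each field.

    Assumption: this mirrors what the helper does before it binds to LDAP.
    """
    user, _, password = line.rstrip("\r\n").partition(" ")
    return unquote_to_bytes(user), unquote_to_bytes(password)


def escape_filter_value(value):
    """Escape the characters that have special meaning inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the thread.
    user, password = "o'brien", "p@ss w%rd!é"
    for charset in ("utf-8", "latin-1"):
        line = helper_line(user, password, charset)
        print(f"{charset:8} {line}")
        print(f"{'':8} bytes after decoding: {decode_helper_line(line)[1]!r}")
    print("filter:", f"sAMAccountName={escape_filter_value(user)}")
```

Piping one of the printed lines into the helper command from the first post on the console returns `OK` or `ERR`, which separates a helper or directory problem from a browser or proxy one.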

