Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    squid3 squid_ldap_auth ad logs

    server = ubuntu 8.10
    squid 3
    windows 2003 active diretory


    I want to log web usage on squid to AD usernames

    So far I have fresh install of squid3. I have changed

    acl localnet src
    http_allow access localnet

    This has allowed me browse the web through squid. I can see traffic and logs being generated in access.log. My next step is to log by AD username.
    I have read many differrent ways of achieving this. I want to do it with squid_ldap_auth

    I know I need to edit the settings in

    auth_param basic program

    I need help at this point.

  2. #2
    Just to help out

    2003 AD server name = server1 (
    domain =
    admin username = administrator
    password = mypassword
    ou = staff
    domain admins = user1, administrator

    lets say I try this

    /usr/lib/squid/squid_ldap_auth -b "dc=mycompany,dc=com" -f "uid=%s" -h

    (at this point it seems to be waiting for some input, so I type)

    USERID administrator PASSWORD mypassword

    and I receive

    squid_ldap_auth: WARNING, LDAP search error 'Operations error'
    ERR Success

    if I try this

    ./squid_ldap_auth -R -b "dc=mycompany,dc=com" -D "CN=user1,OU=Staff,DC=mycompany,DC=com" -w "mypassword" -f sAMAccountName=%s -h

    USERID user1 PASSWORD mypassword I get this message

    ERR success

  3. #3
    I have edited these settings in squid.conf

    auth_param basic program /squid_ldap_auth -R -b "dc=mycompany,dc=com" -D "CN=user1,OU=Staff,DC=mycompany,DC=com" -w "mypassword" -f sAMAccountName=%s -h
    auth_param basic children 5
    auth_param basic realm Your Organisation Name
    auth_param basic credentialsttl 5 minutes

    acl ldapauth proxy_auth REQUIRED

    #http_access allow localnet
    http_access allow localhost
    http_access allow ldapauth

    When loading up Internet Explorer I am being prompted for username/passowrd and I can browse the web via squid.

    Does anyone know how to prevent the logon box prompting users and just take the logon credentials of the Windows client pc's for a seemless connection. I don't want users having to enter username and password for every workstation they use.

  4. $spacer_open
  5. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    North Carolina

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts