0000921: Active Directory And Squid Problem - MantisBT
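ID: 0000921
Project: Endian Firewall
Category: Application Level Proxies
View Status: public
Date Submitted: 2008-06-06 18:38
Last Update: 2008-09-10 15:44
Reporter: danielgines
Assigned To: simon-endian
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.2-rc1
Target Version: 2.2-rc3
Fixed in Version: 2.2-rc2
Summary: 0000921: Active Directory And Squid Problem

Description: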
I was trying to authenticate Endian Squid users against an Active Directory,
but after some tests, I figured out that Endian wrote a wrong squid.conf file
for my AD.

 First, Endian is missing "-v 3" when used with the "Active Directory" LDAP option.

 Second, Endian is always missing the first LDAP level after the AD BaseDN, for
example:

 I have:
memberOf=cn=Internet,CN=Users,DC=teste,DC=com

 But Endian writes a squid.conf like this:
memberOf=cn=Internet,DC=teste,DC=com

 Again I have:
memberOf=CN=Administradores,CN=Builtin,DC=teste,DC=com

 But Endian writes a squid.conf like this:
memberOf=cn=Administradores,DC=teste,DC=com

 
Here is my diff between the squid.conf generated by Endian and my squid.conf
finally working against my Active Directory:

root@efw:/etc/squid # diff -Nru squid.conf squid.conf-OK
--- squid.conf 2008-06-04 21:03:38.000000000 -0300
+++ squid.conf-OK 2008-06-04 20:29:06.000000000 -0300
@@ -63,16 +63,16 @@

 # START AUTHENTICATION
 # METHOD is LDAP
-auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389
+auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,CN=Users,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389
 auth_param basic children 20
 auth_param basic realm Endian Advanced Proxy Server
 auth_param basic credentialsttl 60 minutes

-external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389
+external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com"-w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389


-acl for_group1_users external ldap_group cn=Administradores,DC=teste,DC=com
-acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com
+acl for_group1_users external ldap_group cn=Administradores,CN=Builtin,DC=teste,DC=com
+acl for_group3_users external ldap_group cn=Internet,CN=Users,DC=teste,DC=com
 acl for_inetusers proxy_auth REQUIRED
 # END AUTHENTICATION
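
Review bot: In the new auth_param line the -f filter still contains memberOf=cn=Administradores,DC=teste,DC=com, while the matching acl was changed to cn=Administradores,CN=Builtin,DC=teste,DC=com. Only the Internet clause gained its container, so the Administradores clause of the filter needs CN=Builtin as well, otherwise it will not match the group DN the report gives for that group. The new external_acl_type line also has no space between the closing quote of the -D value and -w ("...DC=com"-w "PASSWORD"); add one so the bind password is parsed as a separate option. Both helpers bind as CN=Administrador with the password on the command line and talk to port 389; squid_ldap_auth and squid_ldap_group accept -W with a secret file, and a dedicated low-privilege bind account would be the safer choice here.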


 As all of you can see, Endian is missing "CN=Builtin", "CN=Users" and "-v 3"
from the configuration. I guess it's a problem with the ldap_enabled_groups variable.
No tags attached.
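
A lint for the two defects described in this report, as an added example (not part of the original report and not Endian's code): it flags LDAP helper lines started without `-v 3` and group DNs made of a single RDN placed directly on the base DN, which is the shape the generator produced after dropping `CN=Users` / `CN=Builtin`. The function names and the sample file are constructed for illustration.

```python
import re
import shlex

HELPERS = ("squid_ldap_auth", "squid_ldap_group")

def split_dn(dn):
    """Split a DN on unescaped commas into lower-cased RDNs."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def directly_under_base(group_dn, base_dn):
    """True when group_dn is a single RDN placed straight on top of base_dn."""
    group, base = split_dn(group_dn), split_dn(base_dn)
    return len(group) == len(base) + 1 and group[1:] == base

def lint(conf_text):
    """Return (line_no, message) findings for a squid.conf given as text."""
    findings, base_dn = [], None
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if any(h in line for h in HELPERS) and not line.startswith("#"):
            args = shlex.split(line)
            start = next((i for i, a in enumerate(args) if a.endswith(HELPERS)), -1)
            opts = args[start + 1:]
            if "-b" in opts[:-1]:
                base_dn = opts[opts.index("-b") + 1]
            if ("-v", "3") not in zip(opts, opts[1:]):
                findings.append((no, "LDAP helper started without -v 3"))
            groups = re.findall(r"memberOf=([^()%]+)\)", line)
        elif re.match(r"acl\s+\S+\s+external\s+ldap_group\s+\S", line):
            groups = [line.split(None, 4)[4]]
        else:
            continue
        for dn in groups:
            if base_dn and directly_under_base(dn, base_dn):
                findings.append((no, "group DN sits directly under base DN: " + dn))
    return findings

# Constructed sample modelled on the generated file in the report (bind account is hypothetical).
SAMPLE = r'''
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com" -D "CN=proxybind,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(sAMAccountName=%s)(|(memberOf=cn=Internet,DC=teste,DC=com)(memberOf=CN=Administradores,CN=Builtin,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -b "DC=teste,DC=com" -f "(&(sAMAccountName=%u)(memberOf=%g))" -P 192.168.0.200:389
acl for_group1_users external ldap_group cn=Administradores,CN=Builtin,DC=teste,DC=com
acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com
'''

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

A group can legitimately live directly under the base DN, so each DN finding is a prompt to compare the value with the group's actual distinguishedName in the directory.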
Issue History
Date Modified | Username | Field | Change
2008-06-06 18:38 | danielgines | New Issue |
2008-06-06 18:55 | peter-endian | Assigned To | => simon-endian
2008-06-06 18:55 | peter-endian | Status | new => assigned
2008-06-06 18:55 | peter-endian | Target Version | => 2.2
2008-06-12 13:23 | simon-endian | Status | assigned => resolved
2008-06-12 13:23 | simon-endian | Fixed in Version | => 2.2
2008-06-12 13:23 | simon-endian | Resolution | open => fixed
2008-06-16 14:45 | Anonymous | Status | resolved => feedback
2008-06-16 14:45 | Anonymous | Resolution | fixed => reopened
2008-06-16 14:45 | Anonymous | Note Added: 0001318 |
2008-07-10 09:04 | simon-endian | Note Added: 0001431 |
2008-07-10 09:04 | simon-endian | Status | feedback => closed
2008-07-10 09:04 | simon-endian | Resolution | reopened => fixed
2008-07-10 09:04 | simon-endian | Fixed in Version | 2.2 => 2.2-rc2
2008-09-10 15:44 | chris-endian | Target Version | 2.2 => 2.2-rc3

Notes

(0001318) Anonymous, 2008-06-16 14:45
Where is the patch?
Thanks

(0001431) simon-endian, 2008-07-10 09:04
It will be included in the 2.2 rc2.