Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 27 December 2024, 10:17:30 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Endian 3 Proxy Authenticating via LDAP
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian 3 Proxy Authenticating via LDAP  (Read 25575 times)
ricardo.claus
Full Member
***
Offline Offline

Posts: 30


« on: Monday 25 January 2016, 11:00:09 pm »

Dear,

I'm trying to set up authentication by Access Group in Windows 2012 R2 via LDAP in Endian 3.0.5 Beta1, however unsuccessfully.
Proxy configured as non-transparent.
The machines customers to enter user / password field, authentication is not recognized.
The machines were tested clients: Win7, win8 and Win2008R2

Viewing the log of the Squid cache, this error appears:

basic_ldap_auth.cc (684): pid = 28593: user filter '(& (objectClass = person) (uid = iuser))', searchbase 'DC = domain, DC = local'
basic_ldap_auth: WARNING, LDAP search error 'Operations error'

In the settings options, I used these options:

LDAP specific settings:
LDAP server: IP AD server
Port of LDAP server: 389
Bind DN settings: DC = domain, DC = local
Type LDAP: LDAP v3 (Also tried with Active Directory Server)
Bind DN username: CN = Administrator, CN = Users, DC = domain, DC = local
user objectClass: person
group objectClass: group

I can enter the Endian in AD normally, however the navigation is refused.
Could someone give me a hint?
Thank you!
Logged
ricardo.claus
Full Member
***
Offline Offline

Posts: 30


« Reply #1 on: Tuesday 26 January 2016, 10:08:05 pm »

Already configured the proxy with NTLM, it works very well.
Here the company authentication via LDAP is critical because some machines will be outside the realm, beyond the visitors we receive here.

I can see the groups and users, set up when the policy.
Even typing User and password, the squid does not release the navigation.
I tested it with several users ...
The log keeps pointing this error:

basic_ldap_auth.cc (684): pid = 18085: user filter '(& (objectClass = person) (uid = iuser))', searchbase 'DC = domain, DC = local'
basic_ldap_auth: WARNING, LDAP search error 'Operations error'

Anyone know how to solve the problem?
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #2 on: Wednesday 03 February 2016, 01:02:34 am »

Try this
http://www.efwsupport.com/index.php?topic=1001.0
Logged
ricardo.claus
Full Member
***
Offline Offline

Posts: 30


« Reply #3 on: Wednesday 03 February 2016, 05:47:06 am »

Dear DDA,

I appreciate your help.
I read the hint that you sent me.
I realized some changes in the configuration fields.

Now I no longer see this error:
basic_ldap_auth: WARNING, LDAP search error 'Operations error'

But still the problem in navigation.
When I type the User and password in the login screen, the proxy does not release. What I see this in the log cache.log:

basic_ldap_auth.cc (684): pid = 19812: user filter '(& (objectClass = person) (uid = IUSER))', searchbase 'CN = Users, DC = domain, DC = local'
basic_ldap_auth.cc (706): pid = 19812: Ldap search returned nothing

The above error, it's like the User and Password that digitel, were not found in AD.

When I run this command in Terminal, I can usually consult any User registered in my AD.
From the Endian terminal, I run this command:

/ usr / lib / squid / basic_ldap_auth -R -b "dc = domain, dc = local" -D "cn = Administrator, CN = Users, DC = domain, dc = local" -w "password" -f sAMAccountName =% s -h 10.16.16.11

I type the User and Password, and get this success message:

"OK"
with this result I conclude that the LDAP query via terminal, works perfectly.
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #4 on: Wednesday 03 February 2016, 09:38:32 am »

When you got to -proxy-accesspolicy- enable authentication does the list of users and groups drop down?
Logged
ricardo.claus
Full Member
***
Offline Offline

Posts: 30


« Reply #5 on: Thursday 04 February 2016, 12:05:54 am »

Yes, Access Policy I can select User authentication or group. Yes can view the AD users and groups.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com