My using M$ AD and I can authenticate any user in the Base DN: , but only there. How can I include the search of the rest of the OUs in my domain. I have no group for access control at this point. I would like to simply allow all and have smoothwall as my accountability. I will later revoke if need be.

Base DN: cn=users,dc=Acme,dc=Com
Bind DN username: cn=administrator,cn=users,dc=Acme,dc=Com

Entire Domain Structure of Users:

cn=users,dc=Acme,dc=Com
ou=users,ou=office,ou=acmedev,dc=Acme,dc=Com
ou=users,ou=lab,ou=acmedev,dc=Acme,dc=Com
ou=users,ou=office,ou=acmeprod,dc=Acme,dc=Com
ou=users,ou=lab,ou=acmeprod,dc=Acme,dc=Com
ou=users,ou=office,ou=acmemig,dc=Acme,dc=Com
ou=users,ou=lab,ou=acmemig,dc=Acme,dc=Com

code from my squad.conf

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "cn=users,dc=Acme,dc=Com" -D "cn=administrator,cn=users,dc=Acme,dc=Com "
-w P@ssW0rD -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -P 192.168.1.150:389
auth_param basic children 5
auth_param basic realm My inet Proxy
auth_param basic credentialsttl 60 minutes

Hi,

got a chance to read your post. Here you have explained to configure squid proxy to use authentication from ADS. My doubt is in the line

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "cn=users,dc=Acme,dc=Com" -D "cn=administrator,cn=users,dc=Acme,dc=Com "
-w P@ssW0rD -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -P 192.168.1.150:389

can't we use the line without the "-w P@ssW0rD" option...
that means is there a way where i can search the ADS without specifying the password.[as we do in linux LDAP]


Thanks in advance

Sridhar