Author Topic: Endian 3 Proxy Authenticating via LDAP  (Read 16425 times)
ricardo.claus
« on: Monday 25 January 2016, 11:00:09 pm »

Dear,

I'm trying to set up authentication by Access Group in Windows 2012 R2 via LDAP in Endian 3.0.5 Beta1, but without success.
The proxy is configured as non-transparent.
When users on the client machines enter the user/password, the authentication is not recognized.
The client machines tested were: Win7, Win8 and Win2008R2.

Viewing the log of the Squid cache, this error appears:

basic_ldap_auth.cc(684): pid=28593: user filter '(&(objectClass=person)(uid=iuser))', searchbase 'DC=domain,DC=local'
basic_ldap_auth: WARNING, LDAP search error 'Operations error'

In the settings options, I used these options:

LDAP specific settings:
LDAP server: IP AD server
Port of LDAP server: 389
Bind DN settings: DC=domain,DC=local
Type LDAP: LDAP v3 (Also tried with Active Directory Server)
Bind DN username: CN=Administrator,CN=Users,DC=domain,DC=local
user objectClass: person
group objectClass: group

I can enter the Endian in AD normally, however the navigation is refused.
Could someone give me a hint?
Thank you!
ricardo.claus
« Reply #1 on: Tuesday 26 January 2016, 10:08:05 pm »

I already configured the proxy with NTLM, and it works very well.
Here at the company, authentication via LDAP is critical because some machines will be outside the realm, besides the visitors we receive here.

I can see the groups and users when setting up the policy.
Even after typing the user and password, Squid does not allow the navigation.
I tested it with several users ...
The log keeps showing this error:

basic_ldap_auth.cc(684): pid=18085: user filter '(&(objectClass=person)(uid=iuser))', searchbase 'DC=domain,DC=local'
basic_ldap_auth: WARNING, LDAP search error 'Operations error'

Does anyone know how to solve the problem?
dda
« Reply #2 on: Wednesday 03 February 2016, 01:02:34 am »

Try this
http://www.efwsupport.com/index.php?topic=1001.0
ricardo.claus
« Reply #3 on: Wednesday 03 February 2016, 05:47:06 am »

Dear DDA,

I appreciate your help.
I read the hint that you sent me.
I made some changes in the configuration fields.

Now I no longer see this error:
basic_ldap_auth: WARNING, LDAP search error 'Operations error'

But the navigation problem remains.
When I type the user and password in the login screen, the proxy does not let me through. This is what I see in the cache.log log:

basic_ldap_auth.cc(684): pid=19812: user filter '(&(objectClass=person)(uid=IUSER))', searchbase 'CN=Users,DC=domain,DC=local'
basic_ldap_auth.cc(706): pid=19812: Ldap search returned nothing

With the above error, it is as if the user and password that I typed were not found in AD.

When I run this command in the terminal, I can normally query any user registered in my AD.
From the Endian terminal, I run this command:

/usr/lib/squid/basic_ldap_auth -R -b "dc=domain,dc=local" -D "cn=Administrator,CN=Users,DC=domain,dc=local" -w "password" -f sAMAccountName=%s -h 10.16.16.11

I type the user and password, and get this success message:

"OK"
With this result I conclude that the LDAP query via the terminal works perfectly.
dda
« Reply #4 on: Wednesday 03 February 2016, 09:38:32 am »

When you go to -proxy-accesspolicy- and enable authentication, does the list of users and groups drop down?
ricardo.claus
« Reply #5 on: Thursday 04 February 2016, 12:05:54 am »

Yes, in Access Policy I can select user or group authentication. Yes, I can view the AD users and groups.
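An added example, not part of the original thread: a Python script that pairs each basic_ldap_auth search line in cache.log with its outcome and lists the attributes the proxy's filter tests that the manual run answering "OK" did not. The log sample is constructed from the lines quoted in the thread with whitespace normalised, and all function names are illustrative.

```python
import re

# Constructed sample: the cache.log lines quoted in the thread, whitespace normalised.
SAMPLE_LOG = """\
basic_ldap_auth.cc(684): pid=28593: user filter '(&(objectClass=person)(uid=iuser))', searchbase 'DC=domain,DC=local'
basic_ldap_auth: WARNING, LDAP search error 'Operations error'
basic_ldap_auth.cc(684): pid=19812: user filter '(&(objectClass=person)(uid=IUSER))', searchbase 'CN=Users,DC=domain,DC=local'
basic_ldap_auth.cc(706): pid=19812: Ldap search returned nothing
"""
# Filter template (-f option) of the manual helper run that returned OK in the thread.
WORKING_TEMPLATE = "sAMAccountName=%s"

SEARCH_RE = re.compile(r"user filter '(?P<filter>[^']*)',\s*searchbase '(?P<base>[^']*)'")
ERROR_RE = re.compile(r"LDAP search error '(?P<err>[^']*)'")
# An attribute name is what sits between "(" (or the string start) and the comparison operator.
ATTR_RE = re.compile(r"(?:^|\()\s*([A-Za-z][\w;-]*)\s*[~<>]?=")

def filter_attrs(ldap_filter):
    """Return the lower-cased attribute names an LDAP filter string tests."""
    return {name.lower() for name in ATTR_RE.findall(ldap_filter)}

def parse_attempts(log_text):
    """Pair each helper search line with the outcome line that follows it."""
    attempts = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            attempts.append({"filter": m["filter"], "base": m["base"], "outcome": "unknown"})
        elif attempts and attempts[-1]["outcome"] == "unknown":
            err = ERROR_RE.search(line)
            if err:
                attempts[-1]["outcome"] = "error: " + err["err"]
            elif "search returned nothing" in line:
                attempts[-1]["outcome"] = "no entry matched"
    return attempts

def diagnose(log_text, working_template):
    """Per attempt: (search base, outcome, attributes absent from the working filter)."""
    known_good = filter_attrs(working_template) | {"objectclass"}
    return [(a["base"], a["outcome"], sorted(filter_attrs(a["filter"]) - known_good))
            for a in parse_attempts(log_text)]

if __name__ == "__main__":
    for base, outcome, extra in diagnose(SAMPLE_LOG, WORKING_TEMPLATE):
        print(f"base={base!r} outcome={outcome!r} not in manual test: {extra}")
```

On the thread's data both failed attempts report `uid`, an attribute the manual `-f sAMAccountName=%s` run never tested.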