LDAP authentication on advproxy...

Forum devoted to the up-and-coming secure distribution called IPCop, based on the Smoothwall distribution. It is currently the most active forum on the site.

Moderator: modos Ixus


Post by gueutzilla » 27 Nov 2006 16:50

Hello everyone,

I'm running into a small problem while configuring LDAP authentication for Internet browsing.

So I configured everything as in the documentation below:
Configuring Active Directory LDAP authentication for Advanced Proxy

The following is a step-by-step guide to configuring authentication against Active Directory via LDAP for Advanced Proxy running on IPCop or SmoothWall.
Anyway, it would be a good idea to read the manual first.
Step 1: Create the Bind DN user account
Open the MMC snap-in Active Directory Users and Computers.
Right click on the domain and select New > User from the menu (figure 1).

Enter the name for the Bind DN user (figure 2). Make sure that the username does not contain spaces or special characters.

Enter the password for the Bind DN user and select the options User cannot change password and Password never expires. Make sure that the option User must change password at next logon is unchecked (figure 3).

Complete the Wizard to create the Bind DN user (figure 4). The Active Directory username will be

ldapbind@ads.local

and the LDAP DN will be

cn=ldapbind,dc=ads,dc=local

This account will be used to bind the Advanced Proxy to the LDAP server. This is necessary because Active Directory doesn't allow anonymous browsing.
Step 2: Grant appropriate access rights to the Bind DN user
Right click the domain and select Delegate Control from the menu (figure 5).

Start the Control Delegation Wizard and select the ldapbind user account (figure 6).

Select Create a custom task to delegate (figure 7).

Restrict delegation to User objects (figure 8).

Set permissions to Read All Properties (figure 9).

Now complete the Control Delegation Wizard.
Step 3: Configure Advanced Proxy for LDAP authentication
Open the Advanced Proxy GUI page, select LDAP from the section Authentication method and hit Save.
Note: If you are configuring LDAP authentication for the first time, Advanced Proxy may complain about the missing LDAP Base DN.
Now enter the following LDAP settings into the Advanced Proxy GUI (figure 10):
- Base DN: The DN at which the LDAP search starts
- LDAP type: Active Directory
- LDAP Server: The IP address of your Windows LDAP server
- Port: The port on which your Windows server listens for LDAP requests
- Bind DN username: The LDAP DN of the Bind DN user
- Bind DN password: The password for the Bind DN user

Save the settings and restart the Advanced Proxy by clicking the Save and restart button. Congratulations, LDAP authentication is working now ...
Configuring LDAP group based access control

Step 1: Create a group for authorized users
Open the MMC snap-in Active Directory Users and Computers.
Right click on the Users folder and select New > Group from the menu (figure 11).

Enter the name for the new group (figure 12).

Add all authorized users to this group (figure 13).

Note: It's possible to add users from different Organizational Units to this group.
Step 2: Configure LDAP authentication with group based access control
Open the Advanced Proxy GUI page, select LDAP from the section Authentication method and hit Save.
Note: If you are configuring LDAP authentication for the first time, Advanced Proxy may complain about the missing LDAP Base DN.
Now enter the following LDAP settings into the Advanced Proxy GUI (figure 10):
- Base DN: The DN at which the LDAP search starts
- LDAP type: Active Directory
- LDAP Server: The IP address of your Windows LDAP server
- Port: The port on which your Windows server listens for LDAP requests
- Bind DN username: The LDAP DN of the Bind DN user
- Bind DN password: The password for the Bind DN user
- Required group: The DN of a group containing the authorized user accounts


Save the settings and restart the Advanced Proxy by clicking the Save and restart button. From now on, only members of the given group will be able to access the proxy ...

(Sorry, the pictures are missing...)

So once everything is configured, it is impossible to browse: the authentication window does not appear!!!!
I tried several syntaxes: MONDOMAIN\user, user, user@mondomain; nothing, it will not authenticate!!

My group inetuser is indeed in cn=inetusers,cn=users,dc=mondomain,dc=com

So there must be something I'm missing!!!

Would you have a good tutorial or an idea about my problem???

Thanks in advance ;)
gueutzilla
Second Maître
Posts: 34
Joined: 19 May 2006 15:19

Post by copeaux » 27 Nov 2006 22:36

Hi,
authentication with user should work; no need for DOMAIN\user or user@domain.local.
On the other hand, be careful: if I'm not mistaken, when you define the Base DN your users must be at the same level:
example:
BaseDN: OU=ville1,dc=domaine,dc=local
the users you want to authenticate must then be in the OU ville1
Same for "Group-based access control": cn=internet,OU=ville1,dc=domaine,dc=local
I haven't found a way to put, for example, dc=domaine,dc=local in BaseDN
I hope this helps
@+
Copeaux
copeaux
Matelot
Posts: 5
Joined: 22 Nov 2006 15:05
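To make the Base DN and Required group settings from Step 3 of the pasted guide, and copeaux's point about where users sit relative to the Base DN, concrete, here is an added Python example; it is not code from the thread or from the Advanced Proxy project. It is an offline model of the lookups an LDAP-authenticating proxy performs against Active Directory, run over a constructed directory snapshot so a Base DN / Required group combination can be checked before touching the real server. It assumes the proxy matches the typed login verbatim against sAMAccountName with a subtree search below the Base DN and compares memberOf against the Required group DN.

```python
# Added example (not from the forum thread or Advanced Proxy): offline model of
# an LDAP-authenticating proxy's user lookup and group check against AD.

def parse_dn(dn):
    """Split 'cn=a, DC=b' into normalised (attr, value) tuples, most specific first.
    Constructed DNs here contain no escaped commas, so a plain split is enough."""
    return tuple((a.strip().lower(), v.strip().lower())
                 for a, v in (p.split("=", 1) for p in dn.split(",")))

def dn_in_subtree(base_dn, dn):
    """True if dn equals base_dn or lies below it (LDAP subtree scope)."""
    base, target = parse_dn(base_dn), parse_dn(dn)
    return len(target) >= len(base) and target[len(target) - len(base):] == base

# Constructed snapshot mirroring the thread: the bind account, one user in the
# default Users container, one user in an OU, and the inetusers group.
DIRECTORY = {
    "cn=ldapbind,dc=mondomain,dc=com": {"sAMAccountName": "ldapbind"},
    "cn=alice,cn=users,dc=mondomain,dc=com": {
        "sAMAccountName": "alice",
        "memberOf": ["cn=inetusers,cn=users,dc=mondomain,dc=com"]},
    "cn=bob,ou=ville1,dc=mondomain,dc=com": {"sAMAccountName": "bob", "memberOf": []},
}

def find_user(base_dn, login):
    """Subtree search for sAMAccountName=login below base_dn; returns the DN or None.
    Assumption: the login is matched verbatim, so 'DOMAIN\\user' or 'user@domain'
    never equals a bare sAMAccountName."""
    for dn, attrs in DIRECTORY.items():
        if dn_in_subtree(base_dn, dn) and attrs.get("sAMAccountName", "").lower() == login.lower():
            return dn
    return None

def check_access(base_dn, required_group, login):
    """Return (ok, reason): user must exist below Base DN and, if a Required group
    is set, carry its DN in memberOf."""
    user_dn = find_user(base_dn, login)
    if user_dn is None:
        return False, "user not found below Base DN %s" % base_dn
    if required_group and not any(parse_dn(g) == parse_dn(required_group)
                                  for g in DIRECTORY[user_dn].get("memberOf", [])):
        return False, "user %s is not a member of %s" % (user_dn, required_group)
    return True, "ok"

if __name__ == "__main__":
    grp = "cn=inetusers,cn=users,dc=mondomain,dc=com"
    print(check_access("dc=mondomain,dc=com", grp, "alice"))        # (True, 'ok')
    print(check_access("dc=mondomain,dc=com", grp, "MONDOMAIN\\alice"))  # not found
    print(check_access("ou=ville1,dc=mondomain,dc=com", None, "alice"))  # outside Base DN
```

Run it against your own DN layout by editing DIRECTORY; a (False, ...) result for the bare username points at the Base DN or Required group DN, not at the bind account.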
