Check The Connection To Active Directory
ping your Active Directory IP Address using below command
root@sabproxy:~# ping 192.168.221.1
PING 192.168.221.1 (192.168.221.1) 56(84) bytes of data.
64 bytes from 192.168.221.1: icmp_seq=1 ttl=128 time=0.396 ms
64 bytes from 192.168.221.1: icmp_seq=2 ttl=128 time=0.446 ms
64 bytes from 192.168.221.1: icmp_seq=3 ttl=128 time=0.361 ms
--- 192.168.221.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.361/0.401/0.446/0.034 ms
ping your Active Directory FQDN using below command
root@sabproxy:~# ping ad.safesquid.test
PING ad.safesquid.test (192.168.221.1) 56(84) bytes of data.
64 bytes from 192.168.221.1: icmp_seq=1 ttl=128 time=0.262 ms
64 bytes from 192.168.221.1: icmp_seq=2 ttl=128 time=0.358 ms
64 bytes from 192.168.221.1: icmp_seq=3 ttl=128 time=0.442 ms
^C
--- ad.safesquid.test ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.262/0.354/0.442/0.073 ms
Note: ad.safesquid.test (192.168.221.1) >> Active Directory FQDN and IP Address
If you unable to contact to Active Directory you should face error as shown below " Destination Host Unreachable"
root@sabproxy:~# ping 192.168.221.1
PING 192.168.221.1 (192.168.221.1) 56(84) bytes of data.
From 192.168.221.222 icmp_seq=31 Destination Host Unreachable
From 192.168.221.222 icmp_seq=32 Destination Host Unreachable
--- 192.168.221.1 ping statistics ---
37 packets transmitted, 0 received, +6 errors, 100% packet loss, time 36269ms
Ldap Entries Are Not Fetched
Re: Ldap Entries Are Not Fetched
You Should Not Properly Configured Ldap With Active Directory
Verify it from SafeSquid Logs.
Run command: tail -F /var/log/safesquid/native/safesquid.log
Make LDAP Global Section TRUE and Configure LDAP with AD and Save Policy and capture native logs.
=======
POST http://safesquid.cfg/ HTTP/1.1
Host: safesquid.cfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://safesquid.cfg/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Connection: keep-alive
2019 04 08 12:23:55.725 [10281] debug: network: net_filebuf_read: speed: 192.168.0.10 uploaded to safesquid.cfg 25 bytes in 20.0000 us [ 1.2500 MBps ]
2019 04 08 12:23:55.725 [10281] debug: request: buffered 25 bytes of POSTDATA
2019 04 08 12:23:55.725 [10281] debug: interface: [IP:192.168.0.10] [1]
2019 04 08 12:23:55.725 [10281] debug: interface: invoke_handler:89 [ldap]
2019 04 08 12:23:55.732 [0] debug: ldap: cache_update:1937 manual/configuration update
2019 04 08 12:23:55.732 [0] debug: network: writing 0 bytes to /usr/local/safesquid/security/dns/safesquid.dns.conf file
2019 04 08 12:23:55.732 [0] debug: ldap: init_routine_unlocked:239 connection not exists in pool for domain safesquid.local
2019 04 08 12:23:55.732 [0] debug: ldap: get_ld:1174 192.168.221.1:389 max query limit:[0], 0 means no limit
2019 04 08 12:23:58.731 [0] error: ldap: s_bind:2253 authentication failed for user:administrator@safesquid.local [-1:Can't contact LDAP server]
2019 04 08 12:23:58.733 [10281] debug: header: to 192.168.0.10:
HTTP/1.1 200 OK
X-Powered-By: safesquid-2019.0401.1624.3-swg-standard
Date: Mon, 08 Apr 2019 12:23:55 GMT
Content-Type: text/xml
Content-Length: 40
Cache-Control: no-cache
Proxy-Connection: keep-alive
X-SafeSquid-Client-ID: 10281.1
X-SafeSquid-User-Groups: ADMINS
============
That means LDAP server is not contacted to your AD (Active Directory) server.
Verify it from SafeSquid Logs.
Run command: tail -F /var/log/safesquid/native/safesquid.log
Make LDAP Global Section TRUE and Configure LDAP with AD and Save Policy and capture native logs.
=======
POST http://safesquid.cfg/ HTTP/1.1
Host: safesquid.cfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://safesquid.cfg/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Connection: keep-alive
2019 04 08 12:23:55.725 [10281] debug: network: net_filebuf_read: speed: 192.168.0.10 uploaded to safesquid.cfg 25 bytes in 20.0000 us [ 1.2500 MBps ]
2019 04 08 12:23:55.725 [10281] debug: request: buffered 25 bytes of POSTDATA
2019 04 08 12:23:55.725 [10281] debug: interface: [IP:192.168.0.10] [1]
2019 04 08 12:23:55.725 [10281] debug: interface: invoke_handler:89 [ldap]
2019 04 08 12:23:55.732 [0] debug: ldap: cache_update:1937 manual/configuration update
2019 04 08 12:23:55.732 [0] debug: network: writing 0 bytes to /usr/local/safesquid/security/dns/safesquid.dns.conf file
2019 04 08 12:23:55.732 [0] debug: ldap: init_routine_unlocked:239 connection not exists in pool for domain safesquid.local
2019 04 08 12:23:55.732 [0] debug: ldap: get_ld:1174 192.168.221.1:389 max query limit:[0], 0 means no limit
2019 04 08 12:23:58.731 [0] error: ldap: s_bind:2253 authentication failed for user:administrator@safesquid.local [-1:Can't contact LDAP server]
2019 04 08 12:23:58.733 [10281] debug: header: to 192.168.0.10:
HTTP/1.1 200 OK
X-Powered-By: safesquid-2019.0401.1624.3-swg-standard
Date: Mon, 08 Apr 2019 12:23:55 GMT
Content-Type: text/xml
Content-Length: 40
Cache-Control: no-cache
Proxy-Connection: keep-alive
X-SafeSquid-Client-ID: 10281.1
X-SafeSquid-User-Groups: ADMINS
============
That means LDAP server is not contacted to your AD (Active Directory) server.
Re: Ldap Entries Are Not Fetched
Check for configuration of LDAP with AD(Active Directory).
Run command on console:
ldapsearch -x -h 192.168.221.1 -b "dc=safesquid,dc=test" -D adusername@domain -w password
root@sabproxy:~# ldapsearch -x -h 192.168.221.1 -b "dc=safesquid,dc=test" -D administrator@safesquid.test -w sarva@1234
The above command give you result of all the fetch entries of users from AD only if the configuration of Ldap integration is correct.
Follow the Link for How to integrate AD or Open LDAP with SafeSquid
Root Cause : You are not able to contact to AD(Active Directory).
Run command on console:
ldapsearch -x -h 192.168.221.1 -b "dc=safesquid,dc=test" -D adusername@domain -w password
root@sabproxy:~# ldapsearch -x -h 192.168.221.1 -b "dc=safesquid,dc=test" -D administrator@safesquid.test -w sarva@1234
The above command give you result of all the fetch entries of users from AD only if the configuration of Ldap integration is correct.
Follow the Link for How to integrate AD or Open LDAP with SafeSquid
Root Cause : You are not able to contact to AD(Active Directory).