Thomas,
If you are looking for a simple SMB tool (Please excuse the off-topic
response).
-----
#!/opt/perl/current/bin/perl
#
# @(#)SquidSmbAuth.pl 1.6 [11/08/00 - 10:00:31]
#
# author: ron dilley
#
# desc: this perl script authenticates squid proxy requests
#
# Copyright (C) 2000 Ron A. Dilley
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
USA.
#
# ron.dilley@uberadmin.com
#
############################################################################
#
# modules
#
use Getopt::Std;
#
ftp://ftp.cpan.org/CPAN/modules/by-module/Authen/Authen-Smb-0.91.tar.gz
use Authen::Smb;
#
# pragmas
#
use strict;
#
# set environment
#
$ENV{PATH} = "/usr/bin:/bin:/usr/sbin:/sbin:/usr/ucb";
#
# turn on autoflush
#
select STDERR; $| = 1;
select STDOUT; $| = 1;
#
# defines
#
$::TRUE = 1;
$::FALSE = 0;
$::FAILED = -1;
$::VERSION = "1.6";
$::PROGNAME = "SquidSmbAuth.pl";
%::Config = ();
$::Config{'debug'} = $::FALSE;
$::Config{'pri_dc'} = 'dc1';
$::Config{'sec_dc'} = 'dc2';
$::Config{'nt_domain'} = 'DOMAIN';
$::Config{'log_file'} = '/var/tmp/squidsmbauth.log';
#
# main routine
#
if ( &main() != $::TRUE ) {
exit( 1 );
}
exit( 0 );
############################################################################
#
# sub-routines
#
#
# main routine
#
sub main {
my $arg;
#
# display script banner
#
#&show_banner();
#
# parse command-line
#
&parse_command_line();
# process args that are left
while( $arg = shift( @::ARGV ) ) {
# do something
}
#
# authenticate users
#
if ( &auth_users() != $::TRUE ) {
return $::FAILED;
}
# done
return $::TRUE;
}
#
# display banner info
#
sub show_banner {
print "$::PROGNAME v$::VERSION\n";
print "By: Ron Dilley\n";
print "\n";
print "$::PROGNAME comes with ABSOLUTELY NO WARRANTY.\n";
print "This is free software, and you are welcome\n";
print "to redistribute it under certain conditions;\n";
print "See the GNU General Public License for details.\n";
print "\n";
return $::TRUE;
}
#
# display help info
#
sub show_help {
print "Syntax:\n";
print "\n";
print "$::PROGNAME [options]\n";
print "\n";
print "-d {0-9} Display debug information during program run\n";
print "-f {fname} Override default logfile\n";
print "\n";
return $::TRUE;
}
#
# parse command-line arguments
#
sub parse_command_line {
no strict 'vars';
if ( getopts( 'd:f:' ) == $::FALSE ) {
&show_help();
return $::FAILED;
}
if ( defined $opt_d ) {
if ( $opt_d > 0 ) {
# set debug mode
$::Config{'debug'} = $opt_d;
}
}
if ( defined $opt_f ) {
# override default logfile
$::Config{'log_file'} = $opt_f;
}
return $::TRUE;
}
#
# authenticate users
#
sub auth_users {
no strict 'subs';
my $line;
my $authResult;
my $uname;
my $passwd;
#
# if we are in debug mode, open a log file
#
if ( $::Config{'debug'} >= 1 ) {
if ( ! defined ( open( LOG, ">> $::Config{'log_file'}" ) ) ) {
print STDERR "ERROR - Unable to open log file\n";
return $::FAILED;
}
}
while( $line = <STDIN> ) {
if ( $line =~ m/^(\w+) (\S+)\n$/ ) {
$uname = $1;
$passwd = $2;
$authResult = Authen::Smb::authen( $uname, $passwd,
$::Config{'pri_dc'}, $::Config{'sec_dc'}, $::Config{'nt_domain'} );
$passwd = "";
if ( $authResult == Authen::Smb::NO_ERROR ) {
print "OK\n";
if ( $::Config{'debug'} >= 1 ) {
print LOG time() . " $uname passed authentication\n";
}
} else {
print "ERR\n";
if ( $::Config{'debug'} >= 1 ) {
print LOG time() . " $uname failed authentication [$authResult]\n";
}
}
} else {
print "ERR\n";
if ( $::Config{'debug'} >= 1 ) {
print LOG time() . " Invalid input format [$line]\n";
}
}
}
#
# if we are in debug mode, close log file
#
if ( $::Config{'debug'} >= 1 ) {
close( LOG );
}
return $::TRUE;
}
-----
Thanks,
Ron
Thomas Nilsen wrote:
>
> I've searched through the FAQ, mailing lists and internet in general to see
> if I could find solution on how the pam_auth & pam_smb module should be
> configured to work with Squid.
>
> I'm running Squid 2.3Stable4 on a Linux RH 6.2 box. I've compiled the
> pam_auth module and the pam_smb module as well. However, I have not found
> any documentation that really explains how the "authentication_program
> /usr/local/squid/bin/....." config line should be set as. What parameters
> does it take after the pam_auth module is defined?
>
> As I have not seen any Howto's describing the PAM/SMB combination I am
> willing to write on if I can get this up and running.
>
> And just to clarify my findings: Does the users have to have an account on
> the linux box as well as on the NT domain??
>
> Regards, Thomas Nilsen
> Global Services
> Kverneland IT AS
> Phone: +44 1380 72 23 61 Ext. 201 - Mobile: +44 7967967317
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
-- +--------------------------------------------------------+ | Ron Dilley Sr. UNIX Administrator | | BO/CIS System Ops rdilley@amgen.com | | Amgen Inc. (805)447-6730 | +--------------------------------------------------------+
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:17 MST